diff --git a/.lint/ansible-lint-prod.conf b/.lint/ansible-lint-prod.conf index 3092f304905dabe9d5de192242a5c1a5abc1f591..ee84481604db228a67eeec8866247863e1bec5bf 100644 --- a/.lint/ansible-lint-prod.conf +++ b/.lint/ansible-lint-prod.conf @@ -4,19 +4,20 @@ profile: production # min, basic, moderate, safety, shared, production exclude_paths: - inventories/ - - ../playbooks/bench-monitoring.yml - .cache/ - ${HOME}/.cache/ +# Moved into the ".ansible-lint-ignore" file skip_list: - - meta-no-info # Skip warnings for missing galaxy_info in roles - - role-name # Skip role name pattern verification ("-" should not be used) - - package-latest # Skip warning when package installation state is set to latest - - experimental # Skip all rules tagged as experimental, as schema validation - - name[play] # Skip the rule dictating that all play should have a name - - name[casing] # Skip the rule dictating that all task name should begin with uppercase - - template-instead-of-copy # Skip forcing the use of templates - - name[template] # Skip forcing to use jinja var at the end of a task name - - fqcn[action] # Skip full FQCN for ansible actions + # Skip necessity to prefix role vars with role name + - var-naming[no-role-prefix] + # Roles should not be called with path, they should be foundable by ansible + # To fix when considering packaging everything with ansible galaxy + - role-name[path] + # Some tasks and plays do not have names on purpose, to avoid excess of verbosity + - name[play] + - name[missing] + # To fix this would require implementing multiline comments in the variable generation scripts + - yaml[line-length] ... diff --git a/.lint/ansible-lint.conf b/.lint/ansible-lint.conf index 78ce6b741ffae972fbd766ceef38b5c6b6118f79..3768e316fefe899b066b61ef36aeb71927304010 100644 --- a/.lint/ansible-lint.conf +++ b/.lint/ansible-lint.conf 
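Review bot: The comment added directly above `skip_list:` in ansible-lint-prod.conf, `# Moved into the ".ansible-lint-ignore" file`, contradicts the five-entry list that now follows it, and the same stale header sits as context above the newly uncommented list in the .lint/ansible-lint.conf hunk. Suggest replacing it in both files with `# Repository-wide rule skips; per-file exceptions belong in ".ansible-lint-ignore"`. The two files now carry byte-identical skip lists, so a one-line comment naming which file is authoritative (or stating that they must be kept in sync) would reduce drift between the production and default profiles. Skipping `name[play]` and `name[missing]` under `profile: production` relaxes that profile's naming requirements; the inline comment says this is deliberate, so it would be worth a sentence in the commit message as well.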
@@ -8,11 +8,16 @@ exclude_paths: - ${HOME}/.cache/ # Moved into the ".ansible-lint-ignore" file -#skip_list: -# - role-name # Skip role name pattern verification ("-" should not be used) -# - name[play] # Skip the rule dictating that all play should have a name -# - name[casing] # Skip the rule dictating that all task name should begin with uppercase -# - name[template] # Skip forcing to use jinja var at the end of a task name -# - var-naming[no-role-prefix] # Skip necessity to prefix role vars with role name +skip_list: + # Skip necessity to prefix role vars with role name + - var-naming[no-role-prefix] + # Roles should not be called with path, they should be foundable by ansible + # To fix when considering packaging everything with ansible galaxy + - role-name[path] + # Some tasks and plays do not have names on purpose, to avoid excess of verbosity + - name[play] + - name[missing] + # To fix this would require implementing multiline comments in the variable generation scripts + - yaml[line-length] ... diff --git a/CHANGELOG.md b/CHANGELOG.md index 6bd21f2f39ab68f93996d5bdc93f23198b1a0432..37608b13c4fbe8aebaa45fb1cf408992d64df3d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,33 @@ -# 2024-03-22 +# 2024-03-14 -* Remove netcapture miris api configuration, api key is now generated by `ubicast-netcapture` package +Update of the `letsencrypt` role and playbook to be more independant from the reste of the deployment. +See the [Let's Encrypt playbook README](./playbooks/nudgis/letsencrypt/README.md) for more informations. + +# 2024-02-22 + +* Improve and revamp the roles and playbooks tree and names for more clarity +* Generalization of group names for more clarity and robusteness in the futur + +The following inventory group name transition rules apply : + +Old group name | New group name +---------------|----------------- +sysconfig | config +sysuser | user +mediaserver | front +mediacache | cache +mirismanager | manager +mediaimport | import +mediavault | vault +celerity | task_management_server +worker | task_management_client +munin_node | monitor_client +webmonitor | monitor_server + +**Note:** See inventory examples and roles documentations for details on how to adapt to the new structure + +System configuration roles are no longer forced. It is possible to avoid the configuration of these elements from the `site.yml` playbook. +For example, if you don't want to configure `ntp`, just comment out the `import_playbook: system/ntp/deploy.yml` line in `site.yml`. # 2024-02-16 diff --git a/inventories/example/ha/group_vars/all.yml b/inventories/example/ha/group_vars/all.yml index 6b67fd056de5e7686ec84e58c84cf0031917b4fc..46a69f5e2c46df93be77517aedfde200320a11ad 100644 --- a/inventories/example/ha/group_vars/all.yml +++ b/inventories/example/ha/group_vars/all.yml 
@@ -1,62 +1,54 @@ --- -# celerity: -# IP or domain on which the celerity server service can be joined -# mediaserver: +# front: # IPv4 address used to join the celerity server -# mediaworker: +# task_management_client: +# IP or domain on which the celerity server service can be joined +# task_management_server: # IP or domain on which the celerity server service can be joined -celerity_server_domain: "{{ hostvars[groups['celerity'][0]]['ansible_default_ipv4']['address'] }}" +celerity_server_domain: "{{ hostvars[groups['task_management_server'][0]]['ansible_default_ipv4']['address'] }}" -# celerity: -# Secret key shared between celerity server and workers for communications (should be the same everywhere for communication) -# mediaserver: +# front: # Key used to encrypt communications to and from celerity server -# mediaworker: +# task_management_client: +# Secret key shared between celerity server and workers for communications (should be the same everywhere for communication) +# task_management_server: # Secret key shared between celerity server and workers for communications (should be the same everywhere for communication) celerity_signing_key: "my-signing-key" +# cache: +# URL of the Nudgis Live cluster # live: # Domain name of the live cluster (only if distinct live server(s) from MediaServer and live_ha variable is set to True) -# mediacache: -# URL of the Nudgis Live cluster live_domain: "live.ubica.st" -# mediaserver: +# front: # Defines the default deployed Nudgis portal linked mirismanager domain (correspond to the URL of the mirismanager portal when adding the HTTP(S) prefix) -# mirismanager: +# manager: # Defines the default domain for the Nudgis Manager manager_domain: "manager.ubica.st" -# celerity: -# Nudgis API key, used to communicate with the nudgis portal -# mediaserver: +# front: # Defines the default deployed Nudgis portal master API key -# mediaworker: +# task_management_client: +# Nudgis API key, used to communicate with the nudgis portal +# 
task_management_server: # Nudgis API key, used to communicate with the nudgis portal nudgis_front_api_key: "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX" -# celerity: -# Defines the default deployed Nudgis portal domain (will be the URL of the portal when adding the HTTP(S) prefix) -# mediacache: +# cache: # URL of Nudgis Front cluster -# mediaserver: +# front: # Defines the default deployed Nudgis portal domain (will be the URL of the portal when adding the HTTP(S) prefix) -# mediaworker: +# task_management_client: # URL of the default Nudgis "msuser" portal used to populate the /etc/celerity/config.py file +# task_management_server: +# Defines the default deployed Nudgis portal domain (will be the URL of the portal when adding the HTTP(S) prefix) nudgis_front_domain: "nudgis.ubica.st" -# celerity: -# Nudgis system username for the application portal, used as a JSON key in celerity config for nudgis API usage (see also nudgis_front_api_key) -# mediaserver: -# Defines the default deployed Nudgis portal short name (and linked unix user) -# mediaworker: -# Nudgis system username for the application portal, used as a JSON key in celerity config for nudgis API usage (see also nudgis_front_api_key) -nudgis_front_system_user: "msuser" - -# munin_node: +# monitor_client: # Short name of the customer, with no spaces. This name is used in munin to group the graphs under the same name. -# munin_server: +# monitor_server: # Short name of the customer, with no spaces. This name is used in munin to group the graphs under the same name. ubicast_customer_name: "UbiCast-HA" diff --git a/inventories/example/ha/group_vars/fail2ban.yml b/inventories/example/ha/group_vars/fail2ban.yml index 823a46dd132d02a48512bc0776fde104b3e62042..df1bf9f619db040166655c34b5f8a690791f8b83 100644 --- a/inventories/example/ha/group_vars/fail2ban.yml +++ b/inventories/example/ha/group_vars/fail2ban.yml 
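Review bot: `celerity_server_domain` now defaults to `hostvars[groups['task_management_server'][0]]['ansible_default_ipv4']['address']`, which raises an undefined-variable error as soon as an inventory still uses the old `celerity` group name, and also fails when facts for that first host were not gathered (a `--limit` run on a client host, for instance); since the group rename is exactly the migration this commit introduces, a warning comment would save debugging time. Suggest adding above the variable `# Requires the "task_management_server" group (formerly "celerity") and gathered facts for its first host`. The hunk also drops `nudgis_front_system_user: "msuser"` from the example while the `task_management_client` description of `nudgis_front_domain` still refers to the "msuser" portal; if the role now hardcodes or defaults this user, saying so in that comment would avoid confusion. `celerity_signing_key` and `nudgis_front_api_key` remain plain strings in group_vars, which is fine for an example, but a pointer such as `# Store real values with ansible-vault` next to them would discourage copying this file as-is.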
@@ -1,21 +1,9 @@ --- -# Define the default action to do when a ban occurs ("action_mwl" to send whois and logs via email or "action_" for default) -#fail2ban_action: "action_mwl" - -# Duration of bans -#fail2ban_bantime: "10m" - # Email sender of the fail2ban reports #fail2ban_email_from: "root@localhost" # Email reciepient of the fail2ban reports #fail2ban_email_to: "noreply@example.com" -# IP addresses exceptions (no monitored by fail2ban) -#fail2ban_ignoreip: "127.0.0.1/8 ::1" - -# Number of acceptable failures before banning an IP -#fail2ban_maxretry: "5" - ... \ No newline at end of file diff --git a/inventories/example/ha/group_vars/mediaserver.yml b/inventories/example/ha/group_vars/front.yml similarity index 72% rename from inventories/example/ha/group_vars/mediaserver.yml rename to inventories/example/ha/group_vars/front.yml index 6ee753be5b9cc8b340e5375da6e8355682bb0975..b056abb71dcc0dab20d7c7880f09c04aa7177319 100644 --- a/inventories/example/ha/group_vars/mediaserver.yml +++ b/inventories/example/ha/group_vars/front.yml @@ -12,16 +12,10 @@ nudgis_front_database_port: "54321" # Defines the address for the Nudgis Front emails sender #nudgis_front_email_from: "noreply@{{ nudgis_front_domain }}" -# Directory to store the Nudgis portals data -#nudgis_front_instances_dir: "/data" - -# Directory to store the Nudgis lock files. This directory should be shared between the Nudgis Fronts in HA cases. -#nudgis_front_lock_dir: "/data" - # Defines the default deployed Nudgis portal "admin" user password nudgis_front_user_admin_password: "my-password" # Defines the default deployed Nudgis portal "ubicast" user password nudgis_front_user_ubicast_password: "my-password" -... +... \ No newline at end of file diff --git a/inventories/example/ha/group_vars/localisation.yml b/inventories/example/ha/group_vars/localisation.yml new file mode 100644 index 0000000000000000000000000000000000000000..ea0f2d59bf19a7a19a97aa3e7671edab55bc4300 --- /dev/null 
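Review bot: The `-...`/`+...` pair at the end of the front.yml hunk changes nothing but the trailing newline, and the file now ends with `\ No newline at end of file`; the new localisation.yml, monitor_client.yml and repository.yml and the edited ha-misc1.yml end the same way, which yamllint's new-line-at-end-of-file rule flags. Restoring the final newline in each file turns this hunk into a pure comment removal. Separately, this is the HA example, and the removed `nudgis_front_lock_dir` comment was the one place stating that the lock directory must be shared between fronts in HA setups; if the role still reads that variable, keep `# Directory to store the Nudgis lock files. This directory should be shared between the Nudgis Fronts in HA cases.` and `#nudgis_front_lock_dir: "/data"` here.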
+++ b/inventories/example/ha/group_vars/localisation.yml @@ -0,0 +1,9 @@ +--- + +# Value for the system locale +init_locale: "en_GB.UTF-8" + +# Timezone to set on the servers (`timedatectl list-timezones` for the complete list) +#init_timezone: "Europe/Paris" + +... \ No newline at end of file diff --git a/inventories/example/ha/group_vars/mirismanager.yml b/inventories/example/ha/group_vars/manager.yml similarity index 100% rename from inventories/example/ha/group_vars/mirismanager.yml rename to inventories/example/ha/group_vars/manager.yml diff --git a/inventories/example/ha/group_vars/monitor_client.yml b/inventories/example/ha/group_vars/monitor_client.yml new file mode 100644 index 0000000000000000000000000000000000000000..4da8fea81ecc6777eba63d3a6a2a12ad258b5e8c --- /dev/null +++ b/inventories/example/ha/group_vars/monitor_client.yml @@ -0,0 +1,6 @@ +--- + +# IP of the munin server to authorize in munin_node +#munin_server_ip: "" + +... \ No newline at end of file diff --git a/inventories/example/std/group_vars/msmonitor.yml b/inventories/example/ha/group_vars/monitor_server.yml similarity index 65% rename from inventories/example/std/group_vars/msmonitor.yml rename to inventories/example/ha/group_vars/monitor_server.yml index a9167132c61bb465638876f2d561b9a8615e5e8f..8c290c6ef93c8579906763328d73bfc919e0864f 100644 --- a/inventories/example/std/group_vars/msmonitor.yml +++ b/inventories/example/ha/group_vars/monitor_server.yml @@ -9,4 +9,7 @@ monitor_user_admin_password: "my-password" # Password for the webmonitor ubicast user monitor_user_ubicast_password: "my-password" +# List of munin_nodes with their names and IP (each element of the list is a dictionary with a "name" and a "ip" key) +#munin_nodes: [] + ... \ No newline at end of file diff --git a/inventories/example/ha/group_vars/postgres.yml b/inventories/example/ha/group_vars/postgres.yml index da094b6997c7c8d3d03f8615a9a24bb0823bde0d..429224ba39c4b0ea38d79d1f0af46bd12abbf594 100644 
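Review bot: The new `munin_nodes` comment in monitor_server.yml describes a list of dictionaries with `name` and `ip` keys, but the example value `[]` does not show that shape; a commented example would be more useful, e.g. `#munin_nodes:` / `#  - name: "ha-ms1"` / `#    ip: "192.0.2.10"` (constructed sample values). The sibling monitor_client.yml only offers `#munin_server_ip: ""`; since that value is presumably what munin_node uses to allow the server's connection, a comment stating what an empty value means (no server allowed, or a role default) would help operators. Both points are documentation only; the hunk content otherwise looks consistent with its header counts.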
--- a/inventories/example/ha/group_vars/postgres.yml +++ b/inventories/example/ha/group_vars/postgres.yml @@ -1,56 +1,9 @@ --- -# PostgreSQL configuration key/values -#database_conf: -# - content: '' -# name: main - -# Dictionnary of extra databases to deploy (with `name` and `owner` keys) -#database_databases: [] - -# PostgreSQL user/host connection file -#database_host_authentification: -# - method: peer -# type: local -# - address: 127.0.0.1/32 -# type: hostssl -# - address: ::1/128 -# type: hostssl -# - database: replication -# method: peer -# type: local -# - address: 127.0.0.1/32 -# database: replication -# type: hostssl -# - address: ::1/128 -# database: replication -# type: hostssl - # Password for the postgres admin account database_password: "my-password" -# Dictionnary of extra PostgreSQL users to deploy (with `name`, `password`, `db`, `priv` and `roles` keys) -#database_users: [] - -# [HA only] Conninfo parameter populated in the repmgr configuration file -#repmgr_conninfo: "host={{ ansible_default_ipv4.address }} dbname={{ repmgr_database }} user={{ repmgr_user }} connect_timeout={{ repmgr_timeout }}" - -# [HA only] Name of the repmgr database -#repmgr_database: "repmgr" - # [HA only] Password of the repmgr DB user repmgr_password: "my-password" -# [HA only] Listening port for rephacheck -#repmgr_repha_port: 8543 - -# [HA only] List of roles for the repmgr user PostgreSQL pg_hba configuration -#repmgr_roles: "LOGIN,REPLICATION,SUPERUSER" - -# [HA only] Timeout value for the repmgr connections -#repmgr_timeout: 5 - -# [HA only] Username of the repmgr DB user -#repmgr_user: "repmgr" - ... \ No newline at end of file diff --git a/inventories/example/ha/group_vars/repository.yml b/inventories/example/ha/group_vars/repository.yml new file mode 100644 index 0000000000000000000000000000000000000000..27527a8d6df032dec123e40180ec3c57f16e6d8a --- /dev/null +++ b/inventories/example/ha/group_vars/repository.yml 
@@ -0,0 +1,9 @@ +--- + +# Domain to use for the Debian repositories +#repos_debian_packages_domain: "deb.debian.org" + +# Domain to use for the Debian security repositories +#repos_debian_security_packages_domain: "security.debian.org" + +... \ No newline at end of file diff --git a/inventories/example/ha/group_vars/sysconfig.yml b/inventories/example/ha/group_vars/sysconfig.yml deleted file mode 100644 index aebfb076b4165d8180456e0ed6db2fe41c579917..0000000000000000000000000000000000000000 --- a/inventories/example/ha/group_vars/sysconfig.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -# Value for the system locale -init_locale: "en_GB.UTF-8" - -# Timezone to set on the servers (`timedatectl list-timezones` for the complete list) -#init_timezone: "Europe/Paris" - -# Domain to use for the Debian repositories -#repos_debian_packages_domain: "deb.debian.org" - -# Domain to use for the Debian security repositories -#repos_debian_security_packages_domain: "security.debian.org" - -# Debian distribution short name (example: "bullseye") -#repos_release: "{{ ansible_distribution_release }}" - -... \ No newline at end of file diff --git a/inventories/example/ha/group_vars/mediavault.yml b/inventories/example/ha/group_vars/vault.yml similarity index 84% rename from inventories/example/ha/group_vars/mediavault.yml rename to inventories/example/ha/group_vars/vault.yml index e5f2d3c120b92f64d8c03a52d5bcae9c55523dab..f96f17c22cbcde70730fb8dc2c771b6b5549743f 100644 --- a/inventories/example/ha/group_vars/mediavault.yml +++ b/inventories/example/ha/group_vars/vault.yml @@ -1,7 +1,7 @@ --- # Boolean to activate the mail notifications -#vault_email_enabled: True +#vault_email_enabled: true # Destination address for the Nudgis Vault emails #vault_email_to: "noreply@example.com" diff --git a/inventories/example/ha/host_vars/ha-cel.yml b/inventories/example/ha/host_vars/ha-cel.yml index 0e3c2482a0c37e010cab0d5620eb44a3d8a1d4e4..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644 
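Review bot: repository.yml carries over only `repos_debian_packages_domain` and `repos_debian_security_packages_domain` from the deleted sysconfig.yml; the `repos_release` entry (`# Debian distribution short name (example: "bullseye")` / `#repos_release: "{{ ansible_distribution_release }}"`) is dropped and does not reappear in localisation.yml either. If the repository role still reads `repos_release`, it should be listed here so the example inventory documents every variable the role accepts; if it was removed from the role, a CHANGELOG line would tell operators to delete it from their inventories. The new file also lacks a final newline (`\ No newline at end of file`).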
--- a/inventories/example/ha/host_vars/ha-cel.yml +++ b/inventories/example/ha/host_vars/ha-cel.yml @@ -1,16 +1,16 @@ --- -# sysconfig: +# ntp: # List of NTP servers to use on the systems ntp_servers: - 0.debian.pool.ntp.org - 1.debian.pool.ntp.org -# sysconfig: +# repository: # Do not configure any repository and use local repository -# sysuser: +# ssh: # Do not configure any ubicast ssh public key -#offline_mode: False +#offline_mode: false # postfix: # Define the specified email address for the unix root account (in /etc/aliases) @@ -36,25 +36,25 @@ postfix_mailname: "ubica.st" # Password of the SMTP SASL account #postfix_relay_user: "" -# sysconfig: +# repository: # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. #repos_debian_prefix: "http://" -# sysconfig: +# repository: # Domain of the UbiCast debian packages repository URL repos_ubicast_packages_domain: "manager.ubica.st" -# sysconfig: +# repository: # Token used in the UbiCast debian repository URL # tester: # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations repos_ubicast_packages_token: "UBICAST-APT-TOKEN" -# sysuser: +# user: # Password for the system user admin sysuser_admin_password: "my-password" -# sysuser: +# user: # Password for the system user ubicast sysuser_ubicast_password: "my-password" @@ -62,10 +62,6 @@ sysuser_ubicast_password: "my-password" # Sender of the email report #tester_email_from: "ubicast.tester" -# tester: -# Name of the system in the reports -#tester_system_name: "{{ inventory_hostname }}" - # tester: # List of tests to ignore when executing the ubicast-tester tester_tests_ignored: diff --git a/inventories/example/ha/host_vars/ha-db1.yml b/inventories/example/ha/host_vars/ha-db1.yml index 498488e4b5e2dbaeddc1857e9c18de21f6ee0989..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644 
--- a/inventories/example/ha/host_vars/ha-db1.yml +++ b/inventories/example/ha/host_vars/ha-db1.yml @@ -1,20 +1,16 @@ --- -# postgres: -# [HA only] Define database role on this host. Possible values: primary, standby or witness -database_role: "primary" - -# sysconfig: +# ntp: # List of NTP servers to use on the systems ntp_servers: - 0.debian.pool.ntp.org - 1.debian.pool.ntp.org -# sysconfig: +# repository: # Do not configure any repository and use local repository -# sysuser: +# ssh: # Do not configure any ubicast ssh public key -#offline_mode: False +#offline_mode: false # postfix: # Define the specified email address for the unix root account (in /etc/aliases) @@ -40,25 +36,25 @@ postfix_mailname: "ubica.st" # Password of the SMTP SASL account #postfix_relay_user: "" -# sysconfig: +# repository: # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. #repos_debian_prefix: "http://" -# sysconfig: +# repository: # Domain of the UbiCast debian packages repository URL repos_ubicast_packages_domain: "manager.ubica.st" -# sysconfig: +# repository: # Token used in the UbiCast debian repository URL # tester: # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations repos_ubicast_packages_token: "UBICAST-APT-TOKEN" -# sysuser: +# user: # Password for the system user admin sysuser_admin_password: "my-password" -# sysuser: +# user: # Password for the system user ubicast sysuser_ubicast_password: "my-password" @@ -66,10 +62,6 @@ sysuser_ubicast_password: "my-password" # Sender of the email report #tester_email_from: "ubicast.tester" -# tester: -# Name of the system in the reports -#tester_system_name: "{{ inventory_hostname }}" - # tester: # List of tests to ignore when executing the ubicast-tester tester_tests_ignored: 
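Review bot: The first hunk removes `database_role: "primary"` from ha-db1.yml, and the matching hunks in ha-db2.yml (`standby`) and ha-dbw.yml (`witness`) do the same, so the index lines show all three files now resolve to the same blob `a2a0e2fc…` that ha-cel.yml, ha-mm.yml and ha-ms1.yml also have. Unless the role now derives the primary/standby/witness role from inventory group membership, the HA example no longer shows how a database host is assigned its role, and the postgres.yml comments deleted in this commit were the only other place the repmgr layout was described. If the variable still exists, keep `# postgres:` / `# [HA only] Define database role on this host. Possible values: primary, standby or witness` / `database_role: "primary"` in each of the three files with the respective value; if it was replaced by group membership, add that mapping to the CHANGELOG's migration table.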
diff --git a/inventories/example/ha/host_vars/ha-db2.yml b/inventories/example/ha/host_vars/ha-db2.yml index 4e246888292579a7477714688680b27b0a0e86fd..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644 --- a/inventories/example/ha/host_vars/ha-db2.yml +++ b/inventories/example/ha/host_vars/ha-db2.yml @@ -1,20 +1,16 @@ --- -# postgres: -# [HA only] Define database role on this host. Possible values: primary, standby or witness -database_role: "standby" - -# sysconfig: +# ntp: # List of NTP servers to use on the systems ntp_servers: - 0.debian.pool.ntp.org - 1.debian.pool.ntp.org -# sysconfig: +# repository: # Do not configure any repository and use local repository -# sysuser: +# ssh: # Do not configure any ubicast ssh public key -#offline_mode: False +#offline_mode: false # postfix: # Define the specified email address for the unix root account (in /etc/aliases) @@ -40,25 +36,25 @@ postfix_mailname: "ubica.st" # Password of the SMTP SASL account #postfix_relay_user: "" -# sysconfig: +# repository: # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. #repos_debian_prefix: "http://" -# sysconfig: +# repository: # Domain of the UbiCast debian packages repository URL repos_ubicast_packages_domain: "manager.ubica.st" -# sysconfig: +# repository: # Token used in the UbiCast debian repository URL # tester: # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations repos_ubicast_packages_token: "UBICAST-APT-TOKEN" -# sysuser: +# user: # Password for the system user admin sysuser_admin_password: "my-password" -# sysuser: +# user: # Password for the system user ubicast sysuser_ubicast_password: "my-password" 
@@ -66,10 +62,6 @@ sysuser_ubicast_password: "my-password" # Sender of the email report #tester_email_from: "ubicast.tester" -# tester: -# Name of the system in the reports -#tester_system_name: "{{ inventory_hostname }}" - # tester: # List of tests to ignore when executing the ubicast-tester tester_tests_ignored: diff --git a/inventories/example/ha/host_vars/ha-dbw.yml b/inventories/example/ha/host_vars/ha-dbw.yml index 361c5340ef76ad5eb5f028b1e51c5665779760aa..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644 --- a/inventories/example/ha/host_vars/ha-dbw.yml +++ b/inventories/example/ha/host_vars/ha-dbw.yml @@ -1,20 +1,16 @@ --- -# postgres: -# [HA only] Define database role on this host. Possible values: primary, standby or witness -database_role: "witness" - -# sysconfig: +# ntp: # List of NTP servers to use on the systems ntp_servers: - 0.debian.pool.ntp.org - 1.debian.pool.ntp.org -# sysconfig: +# repository: # Do not configure any repository and use local repository -# sysuser: +# ssh: # Do not configure any ubicast ssh public key -#offline_mode: False +#offline_mode: false # postfix: # Define the specified email address for the unix root account (in /etc/aliases) 
@@ -40,25 +36,25 @@ postfix_mailname: "ubica.st" # Password of the SMTP SASL account #postfix_relay_user: "" -# sysconfig: +# repository: # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. #repos_debian_prefix: "http://" -# sysconfig: +# repository: # Domain of the UbiCast debian packages repository URL repos_ubicast_packages_domain: "manager.ubica.st" -# sysconfig: +# repository: # Token used in the UbiCast debian repository URL # tester: # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations repos_ubicast_packages_token: "UBICAST-APT-TOKEN" -# sysuser: +# user: # Password for the system user admin sysuser_admin_password: "my-password" -# sysuser: +# user: # Password for the system user ubicast sysuser_ubicast_password: "my-password" @@ -66,10 +62,6 @@ sysuser_ubicast_password: "my-password" # Sender of the email report #tester_email_from: "ubicast.tester" -# tester: -# Name of the system in the reports -#tester_system_name: "{{ inventory_hostname }}" - # tester: # List of tests to ignore when executing the ubicast-tester tester_tests_ignored: diff --git a/inventories/example/ha/host_vars/ha-live1.yml b/inventories/example/ha/host_vars/ha-live1.yml index 8149a1ff1041f0ef7bc87be070ecebadfc1f0717..71da228e9f1dccc646347c2e07b177d081fee33c 100644 --- a/inventories/example/ha/host_vars/ha-live1.yml +++ b/inventories/example/ha/host_vars/ha-live1.yml 
@@ -4,17 +4,17 @@ # Size of the tmpfs storing the live chunks (unit g or m and only if distinct live server(s) from MediaServer) #live_tmpfs_size: "2048m" -# sysconfig: +# ntp: # List of NTP servers to use on the systems ntp_servers: - 0.debian.pool.ntp.org - 1.debian.pool.ntp.org -# sysconfig: +# repository: # Do not configure any repository and use local repository -# sysuser: +# ssh: # Do not configure any ubicast ssh public key -#offline_mode: False +#offline_mode: false # postfix: # Define the specified email address for the unix root account (in /etc/aliases) @@ -40,25 +40,25 @@ postfix_mailname: "ubica.st" # Password of the SMTP SASL account #postfix_relay_user: "" -# sysconfig: +# repository: # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. #repos_debian_prefix: "http://" -# sysconfig: +# repository: # Domain of the UbiCast debian packages repository URL repos_ubicast_packages_domain: "manager.ubica.st" -# sysconfig: +# repository: # Token used in the UbiCast debian repository URL # tester: # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations repos_ubicast_packages_token: "UBICAST-APT-TOKEN" -# sysuser: +# user: # Password for the system user admin sysuser_admin_password: "my-password" -# sysuser: +# user: # Password for the system user ubicast sysuser_ubicast_password: "my-password" @@ -66,10 +66,6 @@ sysuser_ubicast_password: "my-password" # Sender of the email report #tester_email_from: "ubicast.tester" -# tester: -# Name of the system in the reports -#tester_system_name: "{{ inventory_hostname }}" - # tester: # List of tests to ignore when executing the ubicast-tester tester_tests_ignored: 
diff --git a/inventories/example/ha/host_vars/ha-live2.yml b/inventories/example/ha/host_vars/ha-live2.yml index 8149a1ff1041f0ef7bc87be070ecebadfc1f0717..71da228e9f1dccc646347c2e07b177d081fee33c 100644 --- a/inventories/example/ha/host_vars/ha-live2.yml +++ b/inventories/example/ha/host_vars/ha-live2.yml @@ -4,17 +4,17 @@ # Size of the tmpfs storing the live chunks (unit g or m and only if distinct live server(s) from MediaServer) #live_tmpfs_size: "2048m" -# sysconfig: +# ntp: # List of NTP servers to use on the systems ntp_servers: - 0.debian.pool.ntp.org - 1.debian.pool.ntp.org -# sysconfig: +# repository: # Do not configure any repository and use local repository -# sysuser: +# ssh: # Do not configure any ubicast ssh public key -#offline_mode: False +#offline_mode: false # postfix: # Define the specified email address for the unix root account (in /etc/aliases) @@ -40,25 +40,25 @@ postfix_mailname: "ubica.st" # Password of the SMTP SASL account #postfix_relay_user: "" -# sysconfig: +# repository: # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. #repos_debian_prefix: "http://" -# sysconfig: +# repository: # Domain of the UbiCast debian packages repository URL repos_ubicast_packages_domain: "manager.ubica.st" -# sysconfig: +# repository: # Token used in the UbiCast debian repository URL # tester: # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations repos_ubicast_packages_token: "UBICAST-APT-TOKEN" -# sysuser: +# user: # Password for the system user admin sysuser_admin_password: "my-password" -# sysuser: +# user: # Password for the system user ubicast sysuser_ubicast_password: "my-password" 
@@ -66,10 +66,6 @@ sysuser_ubicast_password: "my-password" # Sender of the email report #tester_email_from: "ubicast.tester" -# tester: -# Name of the system in the reports -#tester_system_name: "{{ inventory_hostname }}" - # tester: # List of tests to ignore when executing the ubicast-tester tester_tests_ignored: diff --git a/inventories/example/ha/host_vars/ha-misc1.yml b/inventories/example/ha/host_vars/ha-misc1.yml index e09039db17c9fcc20ed1df75272dbb9da169be70..ee1a16e4f82d32aca8454bd79cb6efe99186e3cf 100644 --- a/inventories/example/ha/host_vars/ha-misc1.yml +++ b/inventories/example/ha/host_vars/ha-misc1.yml 
@@ -1,64 +1,48 @@ --- -# mediacache: +# cache: # URL of the Nudgis Cache vhost cache_domain: "cache.ubica.st" -# mediacache: +# cache: # Path of the folder to cache the Live service data #cache_live_folder: "/var/cache/nginx/mediacache-live" -# mediacache: +# cache: # Max size allowed for the Live service data #cache_live_size: "1" -# mediacache: +# cache: # Path of the folder to cache the VOD service data #cache_vod_folder: "/var/cache/nginx/mediacache-vod" -# mediacache: +# cache: # Max size allowed for the VOD service data #cache_vod_size: "1" -# netcapture: -# Folder used to store the configurations -#netcapture_conf_folder: "/etc/miris/conf" +# lxc: +# LXC network type +lxc_network_type: "masquerade_bridge" # netcapture: -# Folder used to store the medias -#netcapture_media_folder: "/data/netcapture/media" +# Password of the deployed netcapture miris API +netcapture_miris_user_pwd: "my-password" # netcapture: # Activates the SSL verification when calling the Nudgis Manager -#netcapture_mm_ssl: True - -# netcapture: -# Folder used to store the packages -#netcapture_pkg_folder: "/data/netcapture/packages" - -# nginx: -# IPv4 address of the reverse-proxy or loadbalancer above the server(s) -#nginx_real_ip_from: "" +#netcapture_mm_ssl: true -# nginx: -# Path of the SSL certificate for nginx configuration -#nginx_ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem" - -# nginx: -# Path of the SSL key for nginx configuration -#nginx_ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key" - -# sysconfig: +# ntp: # List of NTP servers to use on the systems ntp_servers: - 0.debian.pool.ntp.org - 1.debian.pool.ntp.org -# sysconfig: +# repository: # Do not configure any repository and use local repository -# sysuser: +# ssh: # Do not configure any ubicast ssh public key -#offline_mode: False +#offline_mode: false # postfix: # Define the specified email address for the unix root account (in /etc/aliases) 
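Review bot: The first hunk removes the `nginx_ssl_certificate`, `nginx_ssl_certificate_key` and `nginx_real_ip_from` comments from ha-misc1.yml, and the hunks in ha-mm.yml and ha-ms1.yml drop the same three; those were the only lines in the HA example telling operators that nginx defaults to the snakeoil certificate, how to point it at a real one, and which upstream address is trusted for real-IP headers. If the nginx role still accepts these variables, keep the commented entries here (or in a group_vars file for the front/cache/manager groups) so a deployment copied from the example is not left on the self-signed default by accident. The hunk also adds `netcapture_miris_user_pwd: "my-password"` as an active value while the CHANGELOG entry removed in this commit said that key is generated by the `ubicast-netcapture` package; if reintroducing it is intentional, a CHANGELOG line explaining why would help, and the variable is presumably a credential deserving the same ansible-vault treatment as the other passwords. `lxc_network_type: "masquerade_bridge"` is uncommented and documented only as `LXC network type`; listing the accepted values would match the style of the surrounding comments.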
@@ -84,25 +68,25 @@ postfix_mailname: "ubica.st" # Password of the SMTP SASL account #postfix_relay_user: "" -# sysconfig: +# repository: # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. #repos_debian_prefix: "http://" -# sysconfig: +# repository: # Domain of the UbiCast debian packages repository URL repos_ubicast_packages_domain: "manager.ubica.st" -# sysconfig: +# repository: # Token used in the UbiCast debian repository URL # tester: # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations repos_ubicast_packages_token: "UBICAST-APT-TOKEN" -# sysuser: +# user: # Password for the system user admin sysuser_admin_password: "my-password" -# sysuser: +# user: # Password for the system user ubicast sysuser_ubicast_password: "my-password" @@ -110,17 +94,13 @@ sysuser_ubicast_password: "my-password" # Sender of the email report #tester_email_from: "ubicast.tester" -# tester: -# Name of the system in the reports -#tester_system_name: "{{ inventory_hostname }}" - # tester: # List of tests to ignore when executing the ubicast-tester tester_tests_ignored: - uptime.sh -# mediavault: +# vault: # From fields for email sending (as defined in RFC2822) #vault_email_from: "{{ ansible_fqdn }} <backup@{{ ansible_fqdn }}>" -... +... \ No newline at end of file diff --git a/inventories/example/ha/host_vars/ha-mm.yml b/inventories/example/ha/host_vars/ha-mm.yml index 6e2cb0a3d6ce660707837bf3f15ffb050e162c02..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644 --- a/inventories/example/ha/host_vars/ha-mm.yml +++ b/inventories/example/ha/host_vars/ha-mm.yml 
@@ -1,32 +1,16 @@
 ---
-# mirismanager:
-# Mandatory proxy to use in apt-cacher-ng
-#http_proxy: ""
-
-# nginx:
-# IPv4 address of the reverse-proxy or loadbalancer above the server(s)
-#nginx_real_ip_from: ""
-
-# nginx:
-# Path of the SSL certificate for nginx configuration
-#nginx_ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-
-# nginx:
-# Path of the SSL key for nginx configuration
-#nginx_ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
-
-# sysconfig:
+# ntp:
 # List of NTP servers to use on the systems
 ntp_servers:
 - 0.debian.pool.ntp.org
 - 1.debian.pool.ntp.org
-# sysconfig:
+# repository:
 # Do not configure any repository and use local repository
-# sysuser:
+# ssh:
 # Do not configure any ubicast ssh public key
-#offline_mode: False
+#offline_mode: false
 # postfix:
 # Define the specified email address for the unix root account (in /etc/aliases)
@@ -52,25 +36,25 @@ postfix_mailname: "ubica.st"
 # Password of the SMTP SASL account
 #postfix_relay_user: ""
-# sysconfig:
+# repository:
 # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
 #repos_debian_prefix: "http://"
-# sysconfig:
+# repository:
 # Domain of the UbiCast debian packages repository URL
 repos_ubicast_packages_domain: "manager.ubica.st"
-# sysconfig:
+# repository:
 # Token used in the UbiCast debian repository URL
 # tester:
 # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations
 repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
-# sysuser:
+# user:
 # Password for the system user admin
 sysuser_admin_password: "my-password"
-# sysuser:
+# user:
 # Password for the system user ubicast
 sysuser_ubicast_password: "my-password"
@@ -78,10 +62,6 @@ sysuser_ubicast_password: "my-password"
 # Sender of the email report
 #tester_email_from: "ubicast.tester"
-# tester:
-# Name of the system in the reports
-#tester_system_name: "{{ inventory_hostname }}"
-
 # tester:
 # List of tests to ignore when executing the ubicast-tester
 tester_tests_ignored:
diff --git a/inventories/example/ha/host_vars/ha-ms1.yml b/inventories/example/ha/host_vars/ha-ms1.yml
index 76d45047e39d02e2351d3e317edafbac266f999d..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644
--- a/inventories/example/ha/host_vars/ha-ms1.yml
+++ b/inventories/example/ha/host_vars/ha-ms1.yml
@@ -1,28 +1,16 @@
 ---
-# nginx:
-# IPv4 address of the reverse-proxy or loadbalancer above the server(s)
-#nginx_real_ip_from: ""
-
-# nginx:
-# Path of the SSL certificate for nginx configuration
-#nginx_ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-
-# nginx:
-# Path of the SSL key for nginx configuration
-#nginx_ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
-
-# sysconfig:
+# ntp:
 # List of NTP servers to use on the systems
 ntp_servers:
 - 0.debian.pool.ntp.org
 - 1.debian.pool.ntp.org
-# sysconfig:
+# repository:
 # Do not configure any repository and use local repository
-# sysuser:
+# ssh:
 # Do not configure any ubicast ssh public key
-#offline_mode: False
+#offline_mode: false
 # postfix:
 # Define the specified email address for the unix root account (in /etc/aliases)
@@ -48,25 +36,25 @@ postfix_mailname: "ubica.st"
 # Password of the SMTP SASL account
 #postfix_relay_user: ""
-# sysconfig:
+# repository:
 # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
 #repos_debian_prefix: "http://"
-# sysconfig:
+# repository:
 # Domain of the UbiCast debian packages repository URL
 repos_ubicast_packages_domain: "manager.ubica.st"
-# sysconfig:
+# repository:
 # Token used in the UbiCast debian repository URL
 # tester:
 # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations
 repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
-# sysuser:
+# user:
 # Password for the system user admin
 sysuser_admin_password: "my-password"
-# sysuser:
+# user:
 # Password for the system user ubicast
 sysuser_ubicast_password: "my-password"
@@ -74,10 +62,6 @@ sysuser_ubicast_password: "my-password"
 # Sender of the email report
 #tester_email_from: "ubicast.tester"
-# tester:
-# Name of the system in the reports
-#tester_system_name: "{{ inventory_hostname }}"
-
 # tester:
 # List of tests to ignore when executing the ubicast-tester
 tester_tests_ignored:
diff --git a/inventories/example/ha/host_vars/ha-ms2.yml b/inventories/example/ha/host_vars/ha-ms2.yml
index 76d45047e39d02e2351d3e317edafbac266f999d..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644
--- a/inventories/example/ha/host_vars/ha-ms2.yml
+++ b/inventories/example/ha/host_vars/ha-ms2.yml
@@ -1,28 +1,16 @@
 ---
-# nginx:
-# IPv4 address of the reverse-proxy or loadbalancer above the server(s)
-#nginx_real_ip_from: ""
-
-# nginx:
-# Path of the SSL certificate for nginx configuration
-#nginx_ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-
-# nginx:
-# Path of the SSL key for nginx configuration
-#nginx_ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
-
-# sysconfig:
+# ntp:
 # List of NTP servers to use on the systems
 ntp_servers:
 - 0.debian.pool.ntp.org
 - 1.debian.pool.ntp.org
-# sysconfig:
+# repository:
 # Do not configure any repository and use local repository
-# sysuser:
+# ssh:
 # Do not configure any ubicast ssh public key
-#offline_mode: False
+#offline_mode: false
 # postfix:
 # Define the specified email address for the unix root account (in /etc/aliases)
@@ -48,25 +36,25 @@ postfix_mailname: "ubica.st"
 # Password of the SMTP SASL account
 #postfix_relay_user: ""
-# sysconfig:
+# repository:
 # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
 #repos_debian_prefix: "http://"
-# sysconfig:
+# repository:
 # Domain of the UbiCast debian packages repository URL
 repos_ubicast_packages_domain: "manager.ubica.st"
-# sysconfig:
+# repository:
 # Token used in the UbiCast debian repository URL
 # tester:
 # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations
 repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
-# sysuser:
+# user:
 # Password for the system user admin
 sysuser_admin_password: "my-password"
-# sysuser:
+# user:
 # Password for the system user ubicast
 sysuser_ubicast_password: "my-password"
@@ -74,10 +62,6 @@ sysuser_ubicast_password: "my-password"
 # Sender of the email report
 #tester_email_from: "ubicast.tester"
-# tester:
-# Name of the system in the reports
-#tester_system_name: "{{ inventory_hostname }}"
-
 # tester:
 # List of tests to ignore when executing the ubicast-tester
 tester_tests_ignored:
diff --git a/inventories/example/ha/host_vars/ha-mw1.yml b/inventories/example/ha/host_vars/ha-mw1.yml
index 0e3c2482a0c37e010cab0d5620eb44a3d8a1d4e4..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644
--- a/inventories/example/ha/host_vars/ha-mw1.yml
+++ b/inventories/example/ha/host_vars/ha-mw1.yml
@@ -1,16 +1,16 @@
 ---
-# sysconfig:
+# ntp:
 # List of NTP servers to use on the systems
 ntp_servers:
 - 0.debian.pool.ntp.org
 - 1.debian.pool.ntp.org
-# sysconfig:
+# repository:
 # Do not configure any repository and use local repository
-# sysuser:
+# ssh:
 # Do not configure any ubicast ssh public key
-#offline_mode: False
+#offline_mode: false
 # postfix:
 # Define the specified email address for the unix root account (in /etc/aliases)
@@ -36,25 +36,25 @@ postfix_mailname: "ubica.st"
 # Password of the SMTP SASL account
 #postfix_relay_user: ""
-# sysconfig:
+# repository:
 # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
 #repos_debian_prefix: "http://"
-# sysconfig:
+# repository:
 # Domain of the UbiCast debian packages repository URL
 repos_ubicast_packages_domain: "manager.ubica.st"
-# sysconfig:
+# repository:
 # Token used in the UbiCast debian repository URL
 # tester:
 # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations
 repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
-# sysuser:
+# user:
 # Password for the system user admin
 sysuser_admin_password: "my-password"
-# sysuser:
+# user:
 # Password for the system user ubicast
 sysuser_ubicast_password: "my-password"
@@ -62,10 +62,6 @@ sysuser_ubicast_password: "my-password"
 # Sender of the email report
 #tester_email_from: "ubicast.tester"
-# tester:
-# Name of the system in the reports
-#tester_system_name: "{{ inventory_hostname }}"
-
 # tester:
 # List of tests to ignore when executing the ubicast-tester
 tester_tests_ignored:
diff --git a/inventories/example/ha/host_vars/ha-mw2.yml b/inventories/example/ha/host_vars/ha-mw2.yml
index 0e3c2482a0c37e010cab0d5620eb44a3d8a1d4e4..a2a0e2fc43449bade1c7af22a82f8c67256d428d 100644
--- a/inventories/example/ha/host_vars/ha-mw2.yml
+++ b/inventories/example/ha/host_vars/ha-mw2.yml
@@ -1,16 +1,16 @@
 ---
-# sysconfig:
+# ntp:
 # List of NTP servers to use on the systems
 ntp_servers:
 - 0.debian.pool.ntp.org
 - 1.debian.pool.ntp.org
-# sysconfig:
+# repository:
 # Do not configure any repository and use local repository
-# sysuser:
+# ssh:
 # Do not configure any ubicast ssh public key
-#offline_mode: False
+#offline_mode: false
 # postfix:
 # Define the specified email address for the unix root account (in /etc/aliases)
@@ -36,25 +36,25 @@ postfix_mailname: "ubica.st"
 # Password of the SMTP SASL account
 #postfix_relay_user: ""
-# sysconfig:
+# repository:
 # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
 #repos_debian_prefix: "http://"
-# sysconfig:
+# repository:
 # Domain of the UbiCast debian packages repository URL
 repos_ubicast_packages_domain: "manager.ubica.st"
-# sysconfig:
+# repository:
 # Token used in the UbiCast debian repository URL
 # tester:
 # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations
 repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
-# sysuser:
+# user:
 # Password for the system user admin
 sysuser_admin_password: "my-password"
-# sysuser:
+# user:
 # Password for the system user ubicast
 sysuser_ubicast_password: "my-password"
@@ -62,10 +62,6 @@ sysuser_ubicast_password: "my-password"
 # Sender of the email report
 #tester_email_from: "ubicast.tester"
-# tester:
-# Name of the system in the reports
-#tester_system_name: "{{ inventory_hostname }}"
-
 # tester:
 # List of tests to ignore when executing the ubicast-tester
 tester_tests_ignored:
diff --git a/inventories/example/ha/hosts b/inventories/example/ha/hosts
index 8bd13b219a285f3646cf9db5d2d2f7fb0c26abaf..cf21e89975d98ed02b45cf35307c0a102e27f079 100644
--- a/inventories/example/ha/hosts
+++ b/inventories/example/ha/hosts
@@ -15,31 +15,21 @@ ha-mw2
 ; -- Groups --
-[celerity]
-ha-cel
-
-[live]
-ha-live1
-ha-live2
-
-[mediacache]
+[cache]
 ha-misc1
-[mediaimport]
-ha-misc1
-
-[mediaserver]
+[front]
 ha-ms1
 ha-ms2
-[mediavault]
+[import]
 ha-misc1
-[mediaworker]
-ha-mw1
-ha-mw2
+[live]
+ha-live1
+ha-live2
-[mirismanager]
+[manager]
 ha-mm
 [netcapture]
@@ -50,31 +40,36 @@ ha-db1
 ha-db2
 ha-dbw
+[task_management_client]
+ha-mw1
+ha-mw2
+
+[task_management_server]
+ha-cel
+
+[vault]
+ha-misc1
+
 ; -- Meta groups (do not edit) --
-[base:children]
-celerity
+[ubicast:children]
+front
 live
-mediacache
-mediaimport
-mediaserver
-mediavault
-mediaworker
-mirismanager
-msmonitor
+cache
+manager
+netcapture
+import
+vault
+task_management_client
+task_management_server
+monitor_server
 postgres
-[munin_server:children]
-mediaserver
+[monitor_server:children]
+front
-[msmonitor:children]
-munin_server
-
-[munin_node:children]
-base
+[monitor_client:children]
+ubicast
 [tester:children]
-base
-
-[firewall:children]
-base
+ubicast
diff --git a/inventories/example/std/group_vars/all.yml b/inventories/example/std/group_vars/all.yml
index 288ed044808d1c0d0f8b6723eb2a2ce2735b85e6..a34666989c0ff6983d75f8e469e7f6c24580ffad 100644
--- a/inventories/example/std/group_vars/all.yml
+++ b/inventories/example/std/group_vars/all.yml
@@ -1,62 +1,54 @@
 ---
-# celerity:
-# IP or domain on which the celerity server service can be joined
-# mediaserver:
+# front:
 # IPv4 address used to join the celerity server
-# mediaworker:
+# task_management_client:
+# IP or domain on which the celerity server service can be joined
+# task_management_server:
 # IP or domain on which the celerity server service can be joined
-celerity_server_domain: "{{ hostvars[groups['celerity'][0]]['ansible_default_ipv4']['address'] }}"
+celerity_server_domain: "{{ hostvars[groups['task_management_server'][0]]['ansible_default_ipv4']['address'] }}"
-# celerity:
-# Secret key shared between celerity server and workers for communications (should be the same everywhere for communication)
-# mediaserver:
+# front:
 # Key used to encrypt communications to and from celerity server
-# mediaworker:
+# task_management_client:
+# Secret key shared between celerity server and workers for communications (should be the same everywhere for communication)
+# task_management_server:
 # Secret key shared between celerity server and workers for communications (should be the same everywhere for communication)
 celerity_signing_key: "my-signing-key"
+# cache:
+# URL of the Nudgis Live cluster
 # live:
 # Domain name of the live cluster (only if distinct live server(s) from MediaServer and live_ha variable is set to True)
-# mediacache:
-# URL of the Nudgis Live cluster
 live_domain: "nudgis.ubica.st"
-# mediaserver:
+# front:
 # Defines the default deployed Nudgis portal linked mirismanager domain (correspond to the URL of the mirismanager portal when adding the HTTP(S) prefix)
-# mirismanager:
+# manager:
 # Defines the default domain for the Nudgis Manager
 manager_domain: "manager.ubica.st"
-# celerity:
-# Nudgis API key, used to communicate with the nudgis portal
-# mediaserver:
+# front:
 # Defines the default deployed Nudgis portal master API key
-# mediaworker:
+# task_management_client:
+# Nudgis API key, used to communicate with the nudgis portal
+# task_management_server:
 # Nudgis API key, used to communicate with the nudgis portal
 nudgis_front_api_key: "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
-# celerity:
-# Defines the default deployed Nudgis portal domain (will be the URL of the portal when adding the HTTP(S) prefix)
-# mediacache:
+# cache:
 # URL of Nudgis Front cluster
-# mediaserver:
+# front:
 # Defines the default deployed Nudgis portal domain (will be the URL of the portal when adding the HTTP(S) prefix)
-# mediaworker:
+# task_management_client:
 # URL of the default Nudgis "msuser" portal used to populate the /etc/celerity/config.py file
+# task_management_server:
+# Defines the default deployed Nudgis portal domain (will be the URL of the portal when adding the HTTP(S) prefix)
 nudgis_front_domain: "nudgis.ubica.st"
-# celerity:
-# Nudgis system username for the application portal, used as a JSON key in celerity config for nudgis API usage (see also nudgis_front_api_key)
-# mediaserver:
-# Defines the default deployed Nudgis portal short name (and linked unix user)
-# mediaworker:
-# Nudgis system username for the application portal, used as a JSON key in celerity config for nudgis API usage (see also nudgis_front_api_key)
-nudgis_front_system_user: "msuser"
-
-# munin_node:
+# monitor_client:
 # Short name of the customer, with no spaces. This name is used in munin to group the graphs under the same name.
-# munin_server:
+# monitor_server:
 # Short name of the customer, with no spaces. This name is used in munin to group the graphs under the same name.
 ubicast_customer_name: "UbiCast-Std"
diff --git a/inventories/example/std/group_vars/fail2ban.yml b/inventories/example/std/group_vars/fail2ban.yml
index 823a46dd132d02a48512bc0776fde104b3e62042..df1bf9f619db040166655c34b5f8a690791f8b83 100644
--- a/inventories/example/std/group_vars/fail2ban.yml
+++ b/inventories/example/std/group_vars/fail2ban.yml
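Review bot: The `front:` comment kept on `celerity_signing_key` still reads `# Key used to encrypt communications to and from celerity server`, while the variable name and the two regenerated `task_management_*` lines describe a shared signing secret; someone reading only the front vars could conclude that worker traffic is confidentiality-protected by it. Since the generator emits one description per group, suggest aligning the front line with the others, `# Secret key shared between celerity server and workers for communications (should be the same everywhere for communication)`. Separately, `celerity_server_domain` now dereferences `hostvars[groups['task_management_server'][0]]['ansible_default_ipv4']['address']`, which fails with an undefined variable when that group is empty or the first host's facts were not gathered before the play that uses it; a comment stating that requirement would help, unless the roles already guard it, which this diff does not show.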
@@ -1,21 +1,9 @@
 ---
-# Define the default action to do when a ban occurs ("action_mwl" to send whois and logs via email or "action_" for default)
-#fail2ban_action: "action_mwl"
-
-# Duration of bans
-#fail2ban_bantime: "10m"
-
 # Email sender of the fail2ban reports
 #fail2ban_email_from: "root@localhost"
 # Email reciepient of the fail2ban reports
 #fail2ban_email_to: "noreply@example.com"
-# IP addresses exceptions (no monitored by fail2ban)
-#fail2ban_ignoreip: "127.0.0.1/8 ::1"
-
-# Number of acceptable failures before banning an IP
-#fail2ban_maxretry: "5"
-
 ...
\ No newline at end of file
diff --git a/inventories/example/std/group_vars/mediaserver.yml b/inventories/example/std/group_vars/front.yml
similarity index 72%
rename from inventories/example/std/group_vars/mediaserver.yml
rename to inventories/example/std/group_vars/front.yml
index c74fe327b35ee23741bc1dd8bb780a54016814d0..026f9ac1bcc2f370f9854e0bfc602d166bb15ad1 100644
--- a/inventories/example/std/group_vars/mediaserver.yml
+++ b/inventories/example/std/group_vars/front.yml
@@ -12,16 +12,10 @@ nudgis_front_database_port: "5432"
 # Defines the address for the Nudgis Front emails sender
 #nudgis_front_email_from: "noreply@{{ nudgis_front_domain }}"
-# Directory to store the Nudgis portals data
-#nudgis_front_instances_dir: "/data"
-
-# Directory to store the Nudgis lock files. This directory should be shared between the Nudgis Fronts in HA cases.
-#nudgis_front_lock_dir: "/data"
-
 # Defines the default deployed Nudgis portal "admin" user password
 nudgis_front_user_admin_password: "my-password"
 # Defines the default deployed Nudgis portal "ubicast" user password
 nudgis_front_user_ubicast_password: "my-password"
-...
+...
\ No newline at end of file
diff --git a/inventories/example/std/group_vars/localisation.yml b/inventories/example/std/group_vars/localisation.yml
new file mode 100644
index 0000000000000000000000000000000000000000..ea0f2d59bf19a7a19a97aa3e7671edab55bc4300
--- /dev/null
+++ b/inventories/example/std/group_vars/localisation.yml
@@ -0,0 +1,9 @@
+---
+
+# Value for the system locale
+init_locale: "en_GB.UTF-8"
+
+# Timezone to set on the servers (`timedatectl list-timezones` for the complete list)
+#init_timezone: "Europe/Paris"
+
+...
\ No newline at end of file
diff --git a/inventories/example/std/group_vars/mirismanager.yml b/inventories/example/std/group_vars/manager.yml
similarity index 100%
rename from inventories/example/std/group_vars/mirismanager.yml
rename to inventories/example/std/group_vars/manager.yml
diff --git a/inventories/example/std/group_vars/monitor_client.yml b/inventories/example/std/group_vars/monitor_client.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4da8fea81ecc6777eba63d3a6a2a12ad258b5e8c
--- /dev/null
+++ b/inventories/example/std/group_vars/monitor_client.yml
@@ -0,0 +1,6 @@
+---
+
+# IP of the munin server to authorize in munin_node
+#munin_server_ip: ""
+
+...
\ No newline at end of file
diff --git a/inventories/example/ha/group_vars/msmonitor.yml b/inventories/example/std/group_vars/monitor_server.yml
similarity index 65%
rename from inventories/example/ha/group_vars/msmonitor.yml
rename to inventories/example/std/group_vars/monitor_server.yml
index a9167132c61bb465638876f2d561b9a8615e5e8f..8c290c6ef93c8579906763328d73bfc919e0864f 100644
--- a/inventories/example/ha/group_vars/msmonitor.yml
+++ b/inventories/example/std/group_vars/monitor_server.yml
@@ -9,4 +9,7 @@ monitor_user_admin_password: "my-password"
 # Password for the webmonitor ubicast user
 monitor_user_ubicast_password: "my-password"
+# List of munin_nodes with their names and IP (each element of the list is a dictionary with a "name" and a "ip" key)
+#munin_nodes: []
+
 ...
\ No newline at end of file
diff --git a/inventories/example/std/group_vars/postgres.yml b/inventories/example/std/group_vars/postgres.yml
index 031a9c274c5a9d75e3620e12536c41caff14a56d..1cc327f260013b48b9a5fa28466827b79e6b9a3f 100644
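Review bot: `#munin_server_ip: ""` in the new monitor_client.yml names the knob but not what the empty default does to munin-node's `allow` list, which is the access control deciding who may pull metrics from every host in `monitor_client`; a reader cannot tell whether the role then permits only localhost, leaves the existing allow entries untouched, or opens the node to the `monitor_server` group. Suggest spelling out the actual behaviour, for instance `# IP of the munin server to authorize in munin_node (empty: only localhost is allowed)` if that is what the role does, and whether a single address or a CIDR/regex is accepted. The matching `#munin_nodes: []` added to monitor_server.yml would benefit from the same precision for its `ip` key.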
--- a/inventories/example/std/group_vars/postgres.yml
+++ b/inventories/example/std/group_vars/postgres.yml
@@ -1,56 +1,9 @@
 ---
-# PostgreSQL configuration key/values
-#database_conf:
-# - content: ''
-# name: main
-
-# Dictionnary of extra databases to deploy (with `name` and `owner` keys)
-#database_databases: []
-
-# PostgreSQL user/host connection file
-#database_host_authentification:
-# - method: peer
-# type: local
-# - address: 127.0.0.1/32
-# type: hostssl
-# - address: ::1/128
-# type: hostssl
-# - database: replication
-# method: peer
-# type: local
-# - address: 127.0.0.1/32
-# database: replication
-# type: hostssl
-# - address: ::1/128
-# database: replication
-# type: hostssl
-
 # Password for the postgres admin account
 database_password: "my-password"
-# Dictionnary of extra PostgreSQL users to deploy (with `name`, `password`, `db`, `priv` and `roles` keys)
-#database_users: []
-
-# [HA only] Conninfo parameter populated in the repmgr configuration file
-#repmgr_conninfo: "host={{ ansible_default_ipv4.address }} dbname={{ repmgr_database }} user={{ repmgr_user }} connect_timeout={{ repmgr_timeout }}"
-
-# [HA only] Name of the repmgr database
-#repmgr_database: "repmgr"
-
 # [HA only] Password of the repmgr DB user
 #repmgr_password: ""
-# [HA only] Listening port for rephacheck
-#repmgr_repha_port: 8543
-
-# [HA only] List of roles for the repmgr user PostgreSQL pg_hba configuration
-#repmgr_roles: "LOGIN,REPLICATION,SUPERUSER"
-
-# [HA only] Timeout value for the repmgr connections
-#repmgr_timeout: 5
-
-# [HA only] Username of the repmgr DB user
-#repmgr_user: "repmgr"
-
 ...
\ No newline at end of file
diff --git a/inventories/example/std/group_vars/repository.yml b/inventories/example/std/group_vars/repository.yml
new file mode 100644
index 0000000000000000000000000000000000000000..27527a8d6df032dec123e40180ec3c57f16e6d8a
--- /dev/null
+++ b/inventories/example/std/group_vars/repository.yml
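Review bot: The example keeps `#repmgr_password: ""` as the documented default while the lines removed around it (history, but the only description available) showed the repmgr user carrying `LOGIN,REPLICATION,SUPERUSER`; an empty password on a superuser replication account is exactly the placeholder that survives into an HA cluster unnoticed, and nothing left in the example says it must be set. Suggest `# [HA only] Password of the repmgr DB user (must be non-empty on HA deployments; store it with ansible-vault)`, next to the existing `database_password: "my-password"` which deserves the same vault reminder. Whether the postgres role refuses an empty value is not visible in this diff.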
@@ -0,0 +1,9 @@
+---
+
+# Domain to use for the Debian repositories
+#repos_debian_packages_domain: "deb.debian.org"
+
+# Domain to use for the Debian security repositories
+#repos_debian_security_packages_domain: "security.debian.org"
+
+...
\ No newline at end of file
diff --git a/inventories/example/std/group_vars/sysconfig.yml b/inventories/example/std/group_vars/sysconfig.yml
deleted file mode 100644
index aebfb076b4165d8180456e0ed6db2fe41c579917..0000000000000000000000000000000000000000
--- a/inventories/example/std/group_vars/sysconfig.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-
-# Value for the system locale
-init_locale: "en_GB.UTF-8"
-
-# Timezone to set on the servers (`timedatectl list-timezones` for the complete list)
-#init_timezone: "Europe/Paris"
-
-# Domain to use for the Debian repositories
-#repos_debian_packages_domain: "deb.debian.org"
-
-# Domain to use for the Debian security repositories
-#repos_debian_security_packages_domain: "security.debian.org"
-
-# Debian distribution short name (example: "bullseye")
-#repos_release: "{{ ansible_distribution_release }}"
-
-...
\ No newline at end of file
diff --git a/inventories/example/std/host_vars/std-misc1.yml b/inventories/example/std/host_vars/std-misc1.yml
index 0bf2e8ebcba8e66ff70f30fbb043f5c9084c7216..abb2fa1af364ad7494e1f9eecb3cb50ed7c7813f 100644
--- a/inventories/example/std/host_vars/std-misc1.yml
+++ b/inventories/example/std/host_vars/std-misc1.yml
@@ -1,64 +1,48 @@
 ---
-# mediacache:
+# cache:
 # URL of the Nudgis Cache vhost
 cache_domain: "cache.ubica.st"
-# mediacache:
+# cache:
 # Path of the folder to cache the Live service data
 #cache_live_folder: "/var/cache/nginx/mediacache-live"
-# mediacache:
+# cache:
 # Max size allowed for the Live service data
 #cache_live_size: "1"
-# mediacache:
+# cache:
 # Path of the folder to cache the VOD service data
 #cache_vod_folder: "/var/cache/nginx/mediacache-vod"
-# mediacache:
+# cache:
 # Max size allowed for the VOD service data
 #cache_vod_size: "1"
-# netcapture:
-# Folder used to store the configurations
-#netcapture_conf_folder: "/etc/miris/conf"
+# lxc:
+# LXC network type
+lxc_network_type: "masquerade_bridge"
 # netcapture:
-# Folder used to store the medias
-#netcapture_media_folder: "/data/netcapture/media"
+# Password of the deployed netcapture miris API
+netcapture_miris_user_pwd: "my-password"
 # netcapture:
 # Activates the SSL verification when calling the Nudgis Manager
-#netcapture_mm_ssl: True
-
-# netcapture:
-# Folder used to store the packages
-#netcapture_pkg_folder: "/data/netcapture/packages"
-
-# nginx:
-# IPv4 address of the reverse-proxy or loadbalancer above the server(s)
-#nginx_real_ip_from: ""
+#netcapture_mm_ssl: true
-# nginx:
-# Path of the SSL certificate for nginx configuration
-#nginx_ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-
-# nginx:
-# Path of the SSL key for nginx configuration
-#nginx_ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
-
-# sysconfig:
+# ntp:
 # List of NTP servers to use on the systems
 ntp_servers:
 - 0.debian.pool.ntp.org
 - 1.debian.pool.ntp.org
-# sysconfig:
+# repository:
 # Do not configure any repository and use local repository
-# sysuser:
+# ssh:
 # Do not configure any ubicast ssh public key
-#offline_mode: False
+#offline_mode: false
 # postfix:
 # Define the specified email address for the unix root account (in /etc/aliases)
@@ -84,25 +68,25 @@ postfix_mailname: "ubica.st"
 # Password of the SMTP SASL account
 #postfix_relay_user: ""
-# sysconfig:
+# repository:
 # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
 #repos_debian_prefix: "http://"
-# sysconfig:
+# repository:
 # Domain of the UbiCast debian packages repository URL
 repos_ubicast_packages_domain: "manager.ubica.st"
-# sysconfig:
+# repository:
 # Token used in the UbiCast debian repository URL
 # tester:
 # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations
 repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
-# sysuser:
+# user:
 # Password for the system user admin
 sysuser_admin_password: "my-password"
-# sysuser:
+# user:
 # Password for the system user ubicast
 sysuser_ubicast_password: "my-password"
@@ -110,13 +94,9 @@ sysuser_ubicast_password: "my-password"
 # Sender of the email report
 #tester_email_from: "ubicast.tester"
-# tester:
-# Name of the system in the reports
-#tester_system_name: "{{ inventory_hostname }}"
-
 # tester:
 # List of tests to ignore when executing the ubicast-tester
 tester_tests_ignored:
 - uptime.sh
-...
+...
\ No newline at end of file
diff --git a/inventories/example/std/host_vars/std-ms1.yml b/inventories/example/std/host_vars/std-ms1.yml
index 1367721e9f30c13604918bbfc9dc4f46be444dec..2bfb2bf0bb7378facf9916d9901402a5d462318c 100644
--- a/inventories/example/std/host_vars/std-ms1.yml
+++ b/inventories/example/std/host_vars/std-ms1.yml
@@ -1,40 +1,20 @@
 ---
-# postgres:
-# [HA only] Define database role on this host. Possible values: primary, standby or witness
-#database_role: ""
-
-# mirismanager:
-# Mandatory proxy to use in apt-cacher-ng
-#http_proxy: ""
-
 # live:
 # Size of the tmpfs storing the live chunks (unit g or m and only if distinct live server(s) from MediaServer)
 #live_tmpfs_size: "2048m"
-# nginx:
-# IPv4 address of the reverse-proxy or loadbalancer above the server(s)
-#nginx_real_ip_from: ""
-
-# nginx:
-# Path of the SSL certificate for nginx configuration
-#nginx_ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
-
-# nginx:
-# Path of the SSL key for nginx configuration
-#nginx_ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
-
-# sysconfig:
+# ntp:
 # List of NTP servers to use on the systems
 ntp_servers:
 - 0.debian.pool.ntp.org
 - 1.debian.pool.ntp.org
-# sysconfig:
+# repository:
 # Do not configure any repository and use local repository
-# sysuser:
+# ssh:
 # Do not configure any ubicast ssh public key
-#offline_mode: False
+#offline_mode: false
 # postfix:
 # Define the specified email address for the unix root account (in /etc/aliases)
@@ -60,25 +40,25 @@ postfix_mailname: "ubica.st"
 # Password of the SMTP SASL account
 #postfix_relay_user: ""
-# sysconfig:
+# repository:
 # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
 #repos_debian_prefix: "http://"
-# sysconfig:
+# repository:
 # Domain of the UbiCast debian packages repository URL
 repos_ubicast_packages_domain: "manager.ubica.st"
-# sysconfig:
+# repository:
 # Token used in the UbiCast debian repository URL
 # tester:
 # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations
 repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
-# sysuser:
+# user:
 # Password for the system user admin
 sysuser_admin_password: "my-password"
-# sysuser:
+# user:
 # Password for the system user ubicast
 sysuser_ubicast_password: "my-password"
@@ -86,10 +66,6 @@ sysuser_ubicast_password: "my-password"
 # Sender of the email report
 #tester_email_from: "ubicast.tester"
-# tester:
-# Name of the system in the reports
-#tester_system_name: "{{ inventory_hostname }}"
-
 # tester:
 # List of tests to ignore when executing the ubicast-tester
 tester_tests_ignored:
diff --git a/inventories/example/std/host_vars/std-mw1.yml b/inventories/example/std/host_vars/std-mw1.yml
index 0c255ac542de0c5025c94964b5280ec75904797e..18d43e4ed96759f0751135c998672b2b08dde6de 100644
--- a/inventories/example/std/host_vars/std-mw1.yml
+++ b/inventories/example/std/host_vars/std-mw1.yml
@@ -1,16 +1,16 @@
 ---
-# sysconfig:
+# ntp:
 # List of NTP servers to use on the systems
 ntp_servers:
 - 0.debian.pool.ntp.org
 - 1.debian.pool.ntp.org
-# sysconfig:
+# repository:
 # Do not configure any repository and use local repository
-# sysuser:
+# ssh:
 # Do not configure any ubicast ssh public key
-#offline_mode: False
+#offline_mode: false
 # postfix:
 # Define the specified email address for the unix root account (in /etc/aliases)
@@ -36,25 +36,25 @@ postfix_mailname: "ubica.st"
 # Password of the SMTP SASL account
 #postfix_relay_user: ""
-# sysconfig:
+# repository:
 # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
 #repos_debian_prefix: "http://"
-# sysconfig:
+# repository:
 # Domain of the UbiCast debian packages repository URL
 repos_ubicast_packages_domain: "manager.ubica.st"
-# sysconfig:
+# repository:
 # Token used in the UbiCast debian repository URL
 # tester:
 # UbiCast repository token used to make API call to mirismanager.ubicast.net to retrieve system informations
 repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
-# sysuser:
+# user:
 # Password for the system user admin
 sysuser_admin_password: "my-password"
-# sysuser:
+# user:
 # Password for the system user ubicast
 sysuser_ubicast_password: "my-password"
@@ -62,10 +62,6 @@ sysuser_ubicast_password: "my-password"
 # Sender of the email report
 #tester_email_from: "ubicast.tester"
-# tester:
-# Name of the system in the reports
-#tester_system_name: "{{ inventory_hostname }}"
-
 # tester:
 # List of tests to ignore when executing the ubicast-tester
 tester_tests_ignored:
diff --git a/inventories/example/std/hosts b/inventories/example/std/hosts
index 9d133b95a59cd966952687661082d8dfc2aa0bec..2847ae2c4703a649ab76c4bf918392a58e9cbf7e 100644
--- a/inventories/example/std/hosts
+++ b/inventories/example/std/hosts
@@ -6,22 +6,16 @@ std-mw1
 ; -- Groups --
-[celerity]
-std-ms1
-
-[live]
-std-ms1
-
-[mediacache]
+[cache]
 std-misc1
-[mediaserver]
+[front]
 std-ms1
-[mediaworker]
-std-mw1
+[live]
+std-ms1
-[mirismanager]
+[manager]
 std-ms1
 [netcapture]
@@ -30,29 +24,30 @@ std-misc1
 [postgres]
 std-ms1
+[task_management_client]
+std-mw1
+
+[task_management_server]
+std-ms1
+
 ; -- Meta groups (do not edit) --
-[base:children]
-celerity
+[ubicast:children]
+front
 live
-mediacache
-mediaserver
-mediaworker
-mirismanager
-msmonitor
+cache
+manager
+netcapture
+task_management_client
+task_management_server
+monitor_server
 postgres
-[munin_server:children]
-mediaserver
-
-[msmonitor:children]
-munin_server
+[monitor_server:children]
+front
-[munin_node:children]
-base
+[monitor_client:children]
+ubicast
 [tester:children]
-base
-
-[firewall:children]
-base
+ubicast
diff --git a/playbooks/firewall.yml b/playbooks/firewall.yml
deleted file mode 100755
index 8941d9175f05931fb5f1554ca9a5ae4a4f2ec047..0000000000000000000000000000000000000000
--- a/playbooks/firewall.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: FIREWALL
- hosts: firewall
- roles:
- - nftables
-
-...
diff --git a/playbooks/letsencrypt.yml b/playbooks/letsencrypt.yml
deleted file mode 100755
index 191415079c09742fb8430e906b10ffe64f3b92c2..0000000000000000000000000000000000000000
--- a/playbooks/letsencrypt.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: Let's encrypt
- hosts: all
- roles:
- - letsencrypt
-
-...
diff --git a/playbooks/live/README.md b/playbooks/live/README.md
deleted file mode 100644
index b73cccdea3b2aa10c76bea9e753f06bd414332cc..0000000000000000000000000000000000000000
--- a/playbooks/live/README.md
+++ /dev/null
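Review bot: The `[firewall:children]` meta group is dropped from both example inventories (this hunk and the HA `hosts` hunk earlier in the chunk) and `playbooks/firewall.yml`, the only play in view that applies the `nftables` role, is deleted in the same commit, yet nothing in the diff shows where host firewalling is applied from now on; a host built from these examples could come up without any nftables ruleset. If the role has moved into `site.yml` or another play, a `CHANGELOG.md` line naming the new entry point and the group it targets (presumably `ubicast`) would make that visible to operators upgrading their own inventories; otherwise `[firewall:children]` with `ubicast` should stay. The same question applies to the deleted `letsencrypt.yml`, which the removed `mediacache.yml` post_tasks used to invoke behind `letsencrypt_enabled`.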
@@ -1,76 +0,0 @@ -# Description - -The envsetup `live` group includes all the hosts that will process lives streams. -In a standard Ubicast case, the host is the same as the mediaserver. -In a HA Ubicast case, the live is usually a cluster of two dedicated servers behind a loadbalancer VIP setup in active/backup. - -# Prerequisites - -The `live` group playbooks actions **must** be played after the `mediaserver` playbook actions otherwise the `live` playbook will throw an error when configuring nginx on the `mediaserver` hosts. - -# Usage - -## Description - -You can setup a standard case by setting the `ip_live` value to `127.0.0.1` in your inventory (or leave it blank as it is the default value). -For a HA case, you will have to setup the live cluster VIP address in the `ip_live` variable. - -# Ansible - -## Inventory variables - -| Name | Default | Description | -|-------------|--------------|-----------------------------------------| -| ip_live | 127.0.0.1 | IP/DNS to reach the live server/cluster from the MediaServer point of view | -| live_domain | | Domain name of the live cluster (only if distinct live server(s) from MediaServer) | -| tmpfs_size | 2048m | Size of the tmpfs storing the live chunks (unit g or m and only if distinct live server(s) from MediaServer) | - -**Note**: See the [ubicast prerequisites](https://docs.google.com/document/d/1vAfLq1hgPMYoTlcCs9-yGHfaKdwKirSmpfic1DwfnXo/edit#heading=h.6txdj6tamlvd) for details on the tmpfs size (Although 2048m should cover most of the non-intensive cases) - -## Usage examples - -### Standard case - -* To deploy the live cluster with a global deployment - -``` -cd <envsetup dir>/ansible -ansible-playbook -i inventory/<inventory name> playbooks/site.yml -``` - -* To deploy only the live cluster and the Ubicast global tools - -``` -cd <envsetup dir>/ansible -ansible-playbook -i inventory/<inventory name> playbooks/live/deploy-standalone.yml -``` - -* To deploy only the live cluster without the Ubicast global 
tools - -``` -cd <envsetup dir>/ansible -ansible-playbook -i inventory/<inventory name> playbooks/live/deploy-minimal.yml -``` - -### HA case - -* To deploy the live cluster with a global deployment - -``` -cd <envsetup dir>/ansible -ansible-playbook -i inventory/<inventory name> playbooks/site.yml -``` - -* To deploy only the live cluster and the Ubicast global tools - -``` -cd <envsetup dir>/ansible -ansible-playbook -i inventory/<inventory name> playbooks/live/deploy-standalone.yml -``` - -* To deploy only the live cluster without the Ubicast global tools - -``` -cd <envsetup dir>/ansible -ansible-playbook -i inventory/<inventory name> playbooks/live/deploy-minimal.yml -``` diff --git a/playbooks/mediacache.yml b/playbooks/mediacache.yml deleted file mode 100755 index c166af0356ad97af044d175da4453d3639d3ef47..0000000000000000000000000000000000000000 --- a/playbooks/mediacache.yml +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MEDIACACHE - hosts: mediacache - roles: - - mediacache - post_tasks: - - name: deploy letsencrypt certificate - when: letsencrypt_enabled | d(false) - ansible.builtin.include_role: - name: letsencrypt - - name: configure proxy - when: proxy_apply | d(false) - ansible.builtin.include_role: - name: proxy - -... diff --git a/playbooks/mediacache/README.md b/playbooks/mediacache/README.md deleted file mode 100644 index c0beee5cf47c952c04b59d4322a9d79f1f850e7d..0000000000000000000000000000000000000000 --- a/playbooks/mediacache/README.md +++ /dev/null 
@@ -1,40 +0,0 @@ -# Description - -The envsetup `mediacache` group includes all the hosts that will be installed as cache servers for the Ubicast solution medias. -These hosts should be dedicated to the MediaCache solution. - -# Prerequisites - -The `mediacache` playbooks **must** be played after the `mediaserver` and `live` playbooks actions. - -# Ansible - -## Inventory variables - -| Mandatory | Name | Default | Description | -|-----------|------------------------|----------------------------------|------------------------------------------------| -| Yes | mediacache_url | | Domain name of the cache server | -| Yes | ms_url | | Domain name of the mediaserver cluster/server | -| Yes | mediacache_vod_folder | /var/cache/nginx/mediacache-vod | Folder for the VOD cache storage | -| Yes | mediacache_vod_size | | Size of the VOD cache storage in GB | -| No | live_url | | Domain name of the live cluster/server | -| No | mediacache_live_folder | /var/cache/nginx/mediacache-live | Folder for the live cache storage | -| No | mediacache_live_size | 1 | Size of the live cache storage in GB | - -**Note**: The `live_url`, `mediacache_live_folder` and `mediacache_live_size` becomes mandatory if you want to configure a cache on the live medias - -## Usage examples - -* To deploy the live cluster with a global deployment - -``` -cd <envsetup dir>/ansible -ansible-playbook -i inventory/<inventory name> playbooks/site.yml -``` - -* To deploy only the live cluster and the Ubicast global tools - -``` -cd <envsetup dir>/ansible -ansible-playbook -i inventory/<inventory name> playbooks/mediacache.yml -``` diff --git a/playbooks/mediaserver.yml b/playbooks/mediaserver.yml deleted file mode 100755 index 3f3778062ce133cc94b1401fea81d58c17938fee..0000000000000000000000000000000000000000 --- a/playbooks/mediaserver.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MEDIASERVER - hosts: mediaserver - roles: - - mediaserver - post_tasks: - - name: deploy letsencrypt certificate - when: letsencrypt_enabled | d(false) - ansible.builtin.include_role: - name: letsencrypt - - name: configure proxy - when: proxy_apply | d(false) - ansible.builtin.include_role: - name: proxy - -... diff --git a/playbooks/mediavault/deploy.yml b/playbooks/mediavault/deploy.yml deleted file mode 100755 index 8cee8d986be78c2ccee73444b0ff891fdb177e27..0000000000000000000000000000000000000000 --- a/playbooks/mediavault/deploy.yml +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MEDIAVAULT - hosts: mediavault - tags: mediavault - roles: - - mediavault - post_tasks: - - name: configure proxy - when: proxy_apply | d(false) - ansible.builtin.include_role: - name: proxy - -... diff --git a/playbooks/mirismanager.yml b/playbooks/mirismanager.yml deleted file mode 100755 index d3df46c20ff157a3030f096bc4b617321169a5bf..0000000000000000000000000000000000000000 --- a/playbooks/mirismanager.yml +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: MIRIS MANAGER - hosts: mirismanager - roles: - - mirismanager - post_tasks: - - name: deploy letsencrypt certificate - when: letsencrypt_enabled | d(false) - ansible.builtin.include_role: - name: letsencrypt - - name: configure proxy - when: proxy_apply | d(false) - ansible.builtin.include_role: - name: proxy - -... diff --git a/playbooks/monitor/all.yml b/playbooks/monitor/all.yml deleted file mode 100644 index 22cadb0714cd403661093a1b7858df322e263187..0000000000000000000000000000000000000000 --- a/playbooks/monitor/all.yml +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- import_playbook: msmonitor.yml - tags: monitor -- import_playbook: munin_node.yml - tags: monitor -- import_playbook: munin_server.yml - tags: monitor - -... 
diff --git a/playbooks/monitor/msmonitor.yml b/playbooks/monitor/msmonitor.yml deleted file mode 100644 index ad334b19896b101e7aeff76218b258aa85cc210f..0000000000000000000000000000000000000000 --- a/playbooks/monitor/msmonitor.yml +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: msmonitor - hosts: msmonitor - tags: munin - roles: - - monitor/msmonitor - -... diff --git a/playbooks/monitor/munin_node.yml b/playbooks/monitor/munin_node.yml deleted file mode 100644 index 785c5095a8a27e6ba495b2eaf55bcbbd86e02969..0000000000000000000000000000000000000000 --- a/playbooks/monitor/munin_node.yml +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: Munin node - hosts: munin_node - tags: munin - roles: - - monitor/munin_node - -... diff --git a/playbooks/monitor/munin_server.yml b/playbooks/monitor/munin_server.yml deleted file mode 100644 index 00f42013d2f3d36a46bb1033dbf3c7bdd94b2359..0000000000000000000000000000000000000000 --- a/playbooks/monitor/munin_server.yml +++ /dev/null @@ -1,16 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- - -- name: Munin server - hosts: munin_server - tags: munin - pre_tasks: - - name: gather munin_node group facts - ansible.builtin.setup: - delegate_to: "{{ item }}" - delegate_facts: true - with_items: "{{ groups['munin_node'] }}" - roles: - - monitor/munin_server - -... diff --git a/playbooks/netcapture/README.md b/playbooks/netcapture/README.md deleted file mode 100644 index 4c17ea2d5c74c08e9812f9242d99cb9ec9190db5..0000000000000000000000000000000000000000 --- a/playbooks/netcapture/README.md +++ /dev/null 
@@ -1,53 +0,0 @@ -# Description - -The envsetup `netcapture` group includes all the hosts that will host netcapture instances. - -# Prerequisites - -The `netcapture` group need on targeted hosts: -- an access to ubicast repository -- an ubicast user - -# Usage - -## Description - -Netcapture rely on LXC, the network can be configured in different ways. -- Masquerade bridge: independent private bridge, netcapture instances can't reach host network -- Host bridge: host shared network bridge, netcapture instances share the network with the host (allows the use of the NDI protocol) - -# Ansible - -## Inventory variables - -| Type | Name | Default | Description | -|------|----------------------------|---------------------------------|----------------------------------------------------------------------| -| All | lxc_network_type | masquerade_bridge | Netcaptures instances network access: masquerade_bridge, host_bridge | -| All | netcapture_mm_url | https://mirismanager.ubicast.eu | MiriManager URL for Netcaptures remote access, package download, ... | -| All | netcapture_mm_ssl | true | MirisManager certificate validation | -| All | netcapture_conf_folder | /etc/miris/conf | Netcaptures configuration folder on host | -| All | netcapture_media_folder | /data/netcapture/media | Netcaptures media folder on host | -| All | netcapture_pkg_folder | /data/netcapture/packages | Netcaptures package folder on host | -| All | netcapture_miris_user_pwd | ? 
| Netcaptures authentification on MiriManager | -| All | netcapture_miris_auth | true | Netcaptures authentification on MiriManager | - -## Usage examples - -* To deploy the netcapture with a global deployment - -``` -ansible-playbook -i inventory/<inventory name> playbooks/site.yml -``` - -* To deploy only the netcapture and the Ubicast global tools - -``` -ansible-playbook -i inventory/<inventory name> playbooks/netcapture/deploy-standalone.yml -``` - -* To deploy only the netcapture without the Ubicast global tools - -``` -ansible-playbook -i inventory/<inventory name> playbooks/netcapture/deploy-minimal.yml -``` - diff --git a/playbooks/netcapture/netcapture.yml b/playbooks/netcapture/netcapture.yml deleted file mode 100644 index be79c389c76f774f3f204874ad526c82cf752ddb..0000000000000000000000000000000000000000 --- a/playbooks/netcapture/netcapture.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: NETCAPTURE - hosts: netcapture - gather_facts: false - tags: netcapture - roles: - - lxc - - netcapture - -... diff --git a/playbooks/mediacache/mediacache.yml b/playbooks/nudgis/cache/deploy.yml similarity index 56% rename from playbooks/mediacache/mediacache.yml rename to playbooks/nudgis/cache/deploy.yml index cb904b5f6a889b818eac17bbc008e4db99bd50f1..0c1e682a89f352e9d379a2e95f21652403d89d9b 100644 --- a/playbooks/mediacache/mediacache.yml +++ b/playbooks/nudgis/cache/deploy.yml 
@@ -1,33 +1,33 @@ --- -- name: MEDIACACHE - hosts: mediacache +- name: "NUDGIS CACHE" + hosts: cache roles: - - mediacache + - nudgis/cache tasks: - - name: Getting the IP to trust in term of securelink + - name: "Getting the IP to trust in term of securelink" ansible.builtin.set_fact: securelink_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" tags: configure - - name: authorize mediacache on mediaserver - notify: restart nginx on mediaservers + - name: "Authorize Nudgis Cache on the Nudgis Front(s)" + notify: "Restart nginx on the nudgis fronts" ansible.builtin.lineinfile: path: /etc/nginx/conf.d/mediaserver-securelink.conf - line: "{{'\t'}}{{ securelink_ip }} 1;" # noqa no-tabs jinja[spacing] + line: "{{ '\t' }}{{ securelink_ip }} 1;" insertafter: ^geo delegate_to: "{{ item }}" delegate_facts: true - loop: "{{ groups['mediaserver'] }}" + loop: "{{ groups['front'] }}" tags: configure handlers: - - name: restart nginx on mediaservers + - name: "Restart nginx on the nudgis fronts" ansible.builtin.systemd: name: nginx state: restarted delegate_to: "{{ item }}" delegate_facts: true - loop: "{{ groups['mediaserver'] }}" + loop: "{{ groups['front'] }}" ... diff --git a/playbooks/mediaworker.yml b/playbooks/nudgis/front/deploy.yml similarity index 54% rename from playbooks/mediaworker.yml rename to playbooks/nudgis/front/deploy.yml index 924136543af6e3b993ff407f5345f72f05bdfbe5..b38cf29b1036da74e15d1782da4227c9a71b0202 100755 --- a/playbooks/mediaworker.yml +++ b/playbooks/nudgis/front/deploy.yml @@ -1,14 +1,14 @@ #!/usr/bin/env ansible-playbook --- -- name: MEDIAWORKER - hosts: mediaworker +- name: "NUDGIS FRONT" + hosts: front roles: - - mediaworker + - nudgis/front post_tasks: - - name: configure proxy + - name: "Configure proxy" when: proxy_apply | d(false) ansible.builtin.include_role: - name: proxy + name: system/proxy ... 
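Review bot: The `Authorize Nudgis Cache on the Nudgis Front(s)` task uses `lineinfile` with `line` only and no `regexp`, so when `securelink_ip` changes the previous address stays in `mediaserver-securelink.conf` as a trusted securelink client; Ansible only ensures the new line is present, it never retires the old one. Managing the entry with `blockinfile` and a per-host marker, e.g. `marker: "# {mark} securelink {{ inventory_hostname }}"`, makes it replaceable instead of additive. `securelink_ip` is also taken from `ansible_default_ipv4`, which on a multi-homed cache may not be the interface the fronts see; a comment or an override variable would document that assumption. `delegate_facts: true` has no effect on a `lineinfile` task and can be dropped from both the task and the handler.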
diff --git a/playbooks/mediaimport.yml b/playbooks/nudgis/import/deploy.yml similarity index 53% rename from playbooks/mediaimport.yml rename to playbooks/nudgis/import/deploy.yml index 618d30903d85f3c7528a847a2bd85c09d275a3f1..dd4d24e2888b55857f1b3a9b3d891cf766d71c7c 100755 --- a/playbooks/mediaimport.yml +++ b/playbooks/nudgis/import/deploy.yml @@ -1,14 +1,14 @@ #!/usr/bin/env ansible-playbook --- -- name: MEDIAIMPORT - hosts: mediaimport +- name: "NUDGIS IMPORT" + hosts: import roles: - - mediaimport + - nudgis/import post_tasks: - - name: configure proxy + - name: "Configure proxy" when: proxy_apply | d(false) ansible.builtin.include_role: - name: proxy + name: system/proxy ... diff --git a/playbooks/nudgis/letsencrypt/README.md b/playbooks/nudgis/letsencrypt/README.md new file mode 100644 index 0000000000000000000000000000000000000000..90d3603da5129cf2046677378528a41fc85024dc --- /dev/null +++ b/playbooks/nudgis/letsencrypt/README.md 
@@ -0,0 +1,17 @@ +**Description** + +This playbook is deploying and configuring `certbot` on every server that is publishing some UbiCast services through nginx. The configuration of the SSL certificates in nginx is also handled by this playbook. +This playbook is configuring certbot to generate Let's Encrypt SSL certificates **only** for UbiCast services (automatically discovered in the playbook). + +**Prerequisites** + +You should provide a working inventory (with defined `front`, `manager`, `cache` and `monitor_server` groups) when calling this playbook and the `letsencrypt_email` variable should be set as it will be used for the Let's Encrypt administrator account email address (See **Usage**). +You should also have working DNS entries and network access to the servers for Let's Encrypt to be able to generate the SSL certificates. + +**Usage** + +```bash +ansible-playbook -i inventories/<inventory> -e 'letsencrypt_email=<customer_admin_email>' playbooks/nudgis/letsencrypt/deploy.yml +``` + +**Note:** This playbook do not apply to High Availibity cases, it will fail before action if several hosts are in a group needing SSL certificates. For HA cases, a custom solution has to be implemented to generate and/or **synchronize** the certificates between servers publishing the same domain. diff --git a/playbooks/nudgis/letsencrypt/deploy.yml b/playbooks/nudgis/letsencrypt/deploy.yml new file mode 100755 index 0000000000000000000000000000000000000000..2b85aaf35504f49d4de4bb92b4b8723a5d0dbd3d --- /dev/null +++ b/playbooks/nudgis/letsencrypt/deploy.yml 
@@ -0,0 +1,50 @@ +#!/usr/bin/env ansible-playbook +--- + +- name: "LETS ENCRYPT" + # Target all the groups defined in the "vhosts" variable dicts ("group" key) + hosts: "{{ vhosts | map(attribute='group') }}" + gather_facts: false + vars: + vhosts: + - { "group": "front", "file": "mediaserver-msuser.conf" } + - { "group": "manager", "file": "skyreach.conf" } + - { "group": "cache", "file": "mediacache.conf" } + - { "group": "monitor_server", "file": "webmonitor.conf" } + tasks: + - name: "Check number of webservers for the group (HA is not supported/implemented)" + ansible.builtin.fail: + msg: "The group \"{{ item.group }}\" has more than one host which is not supported by Let's Encrypt certificate generation playbook provided by UbiCast." + when: + - item.group in groups.keys() + - groups[item.group] | length > 1 + loop: "{{ vhosts }}" + run_once: true + + - name: "Check vhosts existence" + ansible.builtin.stat: + path: "/etc/nginx/sites-enabled/{{ item }}" + # `map()` is mapping the `file` key value, effectively converting the `vhosts` list of dicts in a list of files (string) + loop: "{{ vhosts | map(attribute='file') }}" + register: check_file + + - name: "Retrieve the domains from found vhosts files" + ansible.builtin.command: grep -m1 -oP '\s+server_name\s+\K[^; ]+' "{{ item }}" + register: grep_domain + changed_when: false + # `check_file.results` is a list of stat (and other) dicts, so we map the stat dict directly, filter by existing path and we finally map `path` + # That effectively allow us to loop a list of existing `path` + loop: "{{ check_file.results | map(attribute='stat') | selectattr('exists', 'true') | map(attribute='path') }}" + + - name: "Consolidate the domains" + ansible.builtin.set_fact: + # Similar processing as above + domains: "{{ grep_domain.results | selectattr('stdout', 'defined') | map(attribute='stdout') }}" + + - ansible.builtin.include_role: + name: nudgis/letsencrypt + vars: + letsencrypt_domains: "{{ domains }}" + when: domains 
!= [] + +... diff --git a/playbooks/live/live.yml b/playbooks/nudgis/live/deploy.yml similarity index 94% rename from playbooks/live/live.yml rename to playbooks/nudgis/live/deploy.yml index 05bb1257e0d59803ca2cff3df6d62a36c0c96452..cc0152e180953b20dd0ab3aff4ac93d2ffa68e58 100644 --- a/playbooks/live/live.yml +++ b/playbooks/nudgis/live/deploy.yml @@ -1,10 +1,10 @@ --- -- name: LIVE +- name: "LIVE" hosts: live gather_facts: false roles: - - live + - nudgis/live - import_playbook: subplays/standard-case.yml # playbook target mediaserver and live hosts diff --git a/playbooks/live/functions/create-live-app.yml b/playbooks/nudgis/live/functions/create-live-app.yml similarity index 64% rename from playbooks/live/functions/create-live-app.yml rename to playbooks/nudgis/live/functions/create-live-app.yml index e84b5bb64d67de031c3b1c142516f14e68d8938e..da1ec7947c4f97905e989b31e71446a72040bcb9 100644 --- a/playbooks/live/functions/create-live-app.yml +++ b/playbooks/nudgis/live/functions/create-live-app.yml 
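Review bot: The `Retrieve the domains from found vhosts files` task fails the whole play as soon as one existing vhost has no `server_name` match, because `grep -m1` exits 1 on no match and the task sets no `failed_when`; the later `selectattr('stdout', 'defined')` only copes with skipped items, not failed ones. `failed_when: grep_domain.rc > 1` keeps real grep errors fatal while a missing `server_name` just yields an empty `stdout`, which the consolidation step should then also drop with `| select()` after the `map`. The regex also captures only the first name of the first `server_name` directive, so aliases on the same line or a second server block are not covered by the certificate; if that is intended, a comment above the task saying so would help. The domain list is read from root-owned files under `/etc/nginx`, so the value handed to `letsencrypt_domains` is trusted configuration rather than user input, which is worth a one-line comment where it is consolidated.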
@@ -1,77 +1,77 @@ --- -- name: Checking the live(s) server(s) live configuration state +- name: "Checking the live(s) server(s) live configuration state" hosts: live gather_facts: false tags: live tasks: - - name: Check the existence of the live configuration + - name: "Check the existence of the live configuration" ansible.builtin.stat: path: /etc/nginx/rtmp.d/{{ live_app_name }}.conf register: live_conf_live - - name: Getting the live configuration content + - name: "Getting the live configuration content" ansible.builtin.shell: grep -oP '^application \K[A-Za-z0-9]+' /etc/nginx/rtmp.d/{{ live_app_name }}.conf when: live_conf_live.stat.exists register: live_conf_secret changed_when: false - - name: Extracting the application secret + - name: "Extracting the application secret" ansible.builtin.set_fact: live_secret: "{{ live_conf_secret.stdout }}" when: live_conf_live.stat.exists - - name: Declaring the application secret + - name: "Declaring the application secret" ansible.builtin.set_fact: live_secret: "" when: not live_conf_live.stat.exists -- name: Checking the MediaServer(s) live configuration state - hosts: mediaserver +- name: "Checking the MediaServer(s) live configuration state" + hosts: front gather_facts: false tags: live tasks: - - name: Check the existence of the live configuration + - name: "Check the existence of the live configuration" ansible.builtin.stat: path: /home/{{ live_app_name }}/msinstance/conf/lives.json register: ms_conf_live - - name: Retrieve the live configuration + - name: "Retrieve the live configuration" ansible.builtin.slurp: src: /home/{{ live_app_name }}/msinstance/conf/lives.json register: ms_live_config when: ms_conf_live.stat.exists - - name: Extracting the application secret + - name: "Extracting the application secret" ansible.builtin.set_fact: live_secret: "{{ (ms_live_config.content | b64decode | from_json).RTMP_APP }}" when: ms_conf_live.stat.exists - - name: Declaring the application secret + - name: "Declaring the 
application secret" ansible.builtin.set_fact: live_secret: "" when: not ms_conf_live.stat.exists -- name: Computing the {{ live_app_name }} application secret +- name: "Computing the application secret - {{ live_app_name }}" hosts: localhost gather_facts: false tags: live tasks: - - name: Retrieving the first live host configured app secret as reference + - name: "Retrieving the first live host configured app secret as reference" ansible.builtin.set_fact: base_live_secret: "{{ hostvars[groups['live'][0]].live_secret }}" app_secret_diff: false when: hostvars[groups['live'][0]].live_secret | length > 0 - - name: Comparing the app secrets from MS an live servers with the reference + - name: "Comparing the app secrets from MS an live servers with the reference" ansible.builtin.set_fact: app_secret_diff: true when: base_live_secret is defined and hostvars[item].live_secret != base_live_secret with_items: - "{{ groups['live'] }}" - - "{{ groups['mediaserver'] }}" + - "{{ groups['front'] }}" - - name: Generating an application secret on localhost with /dev/urandom + - name: "Generating an application secret on localhost with /dev/urandom" ansible.builtin.shell: > set -o pipefail && \ head /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 30 | head -n 1 
@@ -81,33 +81,36 @@ changed_when: false when: base_live_secret is not defined or app_secret_diff - - name: Deciding the application secret to use + - name: "Deciding the application secret to use" ansible.builtin.set_fact: live_app_secret: "{{ secret.stdout | d(base_live_secret) }}" -- name: Live server(s) - "{{ live_app_name }}" live application configuration +- name: "Live server(s) - live application configuration - {{ live_app_name }}" hosts: live gather_facts: false tags: live tasks: - - name: Check the existence of the RTMP app + - name: "Check the existence of the RTMP app" ansible.builtin.command: ubicast-livectl checkuid {{ live_app_name }} {{ hostvars['localhost'].live_app_secret }} register: app_status changed_when: false failed_when: false - - name: (Re)create the RTMP app configuration + - name: "Gather the package facts" + ansible.builtin.package_facts: + manager: auto + + - name: "(Re)create the RTMP app configuration" notify: - - Reload nginx - - Setup munin-node plugins link - - Restart munin-node service + - "Reload nginx" + - "Configure and restart munin-node" ansible.builtin.command: cmd: ubicast-livectl add {{ live_app_name }} {{ hostvars['localhost'].live_app_secret }} creates: /etc/nginx/rtmp.d/{{ live_app_name }}.conf when: app_status.rc == 1 - - name: Prepare the nginx RTMP temporary directory - notify: Reload nginx + - name: "Prepare the nginx RTMP temporary directory" + notify: "Reload nginx" ansible.builtin.file: path: /var/tmp/nginx-rtmp/{{ live_app_name }} owner: nginx @@ -115,8 +118,8 @@ state: directory mode: "0700" - - name: Create the nginx RTMP web directory symlink - notify: Reload nginx + - name: "Create the nginx RTMP web directory symlink" + notify: "Reload nginx" ansible.builtin.file: src: /var/tmp/nginx-rtmp/{{ live_app_name }} dest: /var/www/{{ live_app_name }}/streaming-rtmp 
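Review bot: The new task-level `Gather the package facts` in the live server play looks redundant with the handler of the same name added later in this file, which listens on `Configure and restart munin-node` and is defined before the munin handlers so it runs first; unless a task outside the hunk reads `ansible_facts.packages`, the task copy only adds a package-manager query on every run. If it is kept on purpose, a short comment such as `# package facts are also needed outside the handler chain` would explain it. The `(Re)create the RTMP app configuration` task keys on `app_status.rc == 1` while `checkuid` has `failed_when: false`, so any other non-zero rc (tool missing, wrong arguments) silently skips recreation; a comment stating that rc 1 is the only "app absent" signal would make that deliberate.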
@@ -125,76 +128,86 @@ when: deploy_case == "standard" handlers: - - name: Reload nginx + - name: "Reload nginx" ansible.builtin.systemd: name: nginx state: reloaded - - name: Setup munin-node plugins link + # Order here is important + - name: "Gather the package facts" + ansible.builtin.package_facts: + manager: auto + listen: "Configure and restart munin-node" + + - name: "Setup munin-node plugins link" # noqa: risky-shell-pipe ansible.builtin.shell: - munin-node-configure --shell --remove-also 2>&1 | sh -x # noqa risky-shell-pipe + munin-node-configure --shell --remove-also 2>&1 | sh -x # sh -x print executed cmd to stderr register: munin_plugin_linked changed_when: munin_plugin_linked.stderr | length > 0 + when: "'munin-node' in ansible_facts.packages" + listen: "Configure and restart munin-node" - - name: Restart munin-node service + - name: "Restart munin-node service" ansible.builtin.service: name: munin-node state: restarted + when: "'munin-node' in ansible_facts.packages" + listen: "Configure and restart munin-node" -- name: MediaServer(s) - "{{ live_app_name }}" live application configuration - hosts: mediaserver +- name: "MediaServer(s) - live application configuration - {{ live_app_name }}" + hosts: front gather_facts: false tags: live tasks: - - name: Getting the current lives configuration + - name: "Getting the current lives configuration" ansible.builtin.slurp: src: /home/{{ live_app_name }}/msinstance/conf/lives.json register: lives_config when: ms_conf_live.stat.exists # The "W10K" string is decoded to an empty json file => "[]" - - name: Store the lives configuration in a variable + - name: "Store the lives configuration in a variable" ansible.builtin.set_fact: lives_config: "{{ lives_config.content | default('W10K') | b64decode | from_json }}" - - name: Set the live application secret in lives configuration + - name: "Set the live application secret in lives configuration" vars: rtmp_app_line: RTMP_APP: "{{ hostvars['localhost'].live_app_secret 
}}" ansible.builtin.set_fact: lives_config: "{{ lives_config | combine(rtmp_app_line) }}" - - name: Set the RTMP_NAME in lives configuration + - name: "Set the RTMP_NAME in lives configuration" vars: rtmp_name_line: RTMP_NAME: "{{ live_app_name }}" ansible.builtin.set_fact: lives_config: "{{ lives_config | combine(rtmp_name_line) }}" - - name: Set the RTMP_HLS_PLAYBACK_URL in lives configuration + - name: "Set the RTMP_HLS_PLAYBACK_URL in lives configuration" vars: rtmp_hls_line: RTMP_HLS_PLAYBACK_URL: "{{ rtmp_hls_url }}" ansible.builtin.set_fact: lives_config: "{{ lives_config | combine(rtmp_hls_line) }}" - - name: Set the RTMP_PLAYBACK_URL in lives configuration + - name: "Set the RTMP_PLAYBACK_URL in lives configuration" vars: rtmp_playback_line: RTMP_PLAYBACK_URL: ansible.builtin.set_fact: lives_config: "{{ lives_config | combine(rtmp_playback_line) }}" - - name: Set the RTMP_PUBLISH_URL in lives configuration + - name: "Set the RTMP_PUBLISH_URL in lives configuration" vars: rtmp_publish_line: RTMP_PUBLISH_URL: "{{ rtmp_pub_url }}" ansible.builtin.set_fact: lives_config: "{{ lives_config | combine(rtmp_publish_line) }}" - - name: Update mediaserver lives configuration - notify: Restart mediaserver + - name: "Update Nudgis Front lives configuration" + notify: "Restart mediaserver" ansible.builtin.copy: content: "{{ lives_config | to_nice_json }}" dest: /home/{{ live_app_name }}/msinstance/conf/lives.json @@ -203,7 +216,7 @@ mode: "0600" handlers: - - name: Restart mediaserver + - name: "Restart mediaserver" ansible.builtin.systemd: name: mediaserver state: restarted diff --git a/playbooks/live/subplays/ha-case.yml b/playbooks/nudgis/live/subplays/ha-case.yml similarity index 75% rename from playbooks/live/subplays/ha-case.yml rename to playbooks/nudgis/live/subplays/ha-case.yml index b02809ed01b7e53253bd5bbdd71167797157d2f3..6920a60a78341557e383838f109e6ca2bddd5d4b 100644 --- a/playbooks/live/subplays/ha-case.yml +++ b/playbooks/nudgis/live/subplays/ha-case.yml 
@@ -1,32 +1,32 @@ --- -- name: Live vhost setup +- name: "Live vhost setup" hosts: live tags: live gather_facts: false tasks: - - name: resolve domain name to localhost + - name: "Resolve domain name to localhost" ansible.builtin.lineinfile: path: /etc/hosts line: 127.0.1.1 {{ live_domain }} backup: true - - name: fill the vhost file - notify: Restart nginx + - name: "Fill the vhost file" + notify: "Restart nginx" ansible.builtin.replace: path: /etc/nginx/sites-available/live-rtmp.conf regexp: ^(\s+server_name)\s+.*(;)$ replace: \1 {{ live_domain }}\2 - - name: Activating the live vhost configuration - notify: Restart nginx + - name: "Activating the live vhost configuration" + notify: "Restart nginx" ansible.builtin.file: src: /etc/nginx/sites-available/live-rtmp.conf dest: /etc/nginx/sites-enabled/live-rtmp.conf state: link handlers: - - name: Restart nginx + - name: "Restart nginx" ansible.builtin.systemd: name: nginx state: restarted @@ -38,16 +38,16 @@ rtmp_pub_url: rtmp://{{ hostvars[groups['live'][0]].live_domain }}/%(rtmp_app)s/%(stream_id)s deploy_case: ha -- hosts: mediaserver +- hosts: front tags: live gather_facts: false tasks: - - name: Check the existence of the rtmp configuration folder + - name: "Check the existence of the rtmp configuration folder" ansible.builtin.stat: path: /etc/nginx/rtmp.d register: rtmp_conf_dir - - name: Remove unused MediaServer(s) rtmp configurations + - name: "Remove unused MediaServer(s) rtmp configurations" ansible.builtin.command: cmd: /bin/rm -r /etc/nginx/rtmp.d removes: /etc/nginx/rtmp.d diff --git a/playbooks/live/subplays/standard-case.yml b/playbooks/nudgis/live/subplays/standard-case.yml similarity index 99% rename from playbooks/live/subplays/standard-case.yml rename to playbooks/nudgis/live/subplays/standard-case.yml index 722b2e0cba4943bd6da2ad8e6ddb697b8e858aaf..800c31a61edd8117a7648c5f87f4e28176e1e3cf 100644 --- a/playbooks/live/subplays/standard-case.yml +++ b/playbooks/nudgis/live/subplays/standard-case.yml 
@@ -1,8 +1,10 @@
 ---
+
 - import_playbook: ../functions/create-live-app.yml
 vars:
 live_app_name: msuser
 rtmp_hls_url: https://%(ms_host)s/streaming-rtmp/%(stream_id)s.m3u8
 rtmp_pub_url: rtmp://%(ms_host)s/%(rtmp_app)s/%(stream_id)s
 deploy_case: standard
+
 ...
diff --git a/playbooks/celerity.yml b/playbooks/nudgis/manager/deploy.yml
similarity index 53%
rename from playbooks/celerity.yml
rename to playbooks/nudgis/manager/deploy.yml
index ce00bb099d7984c4f2ba0bfb15d83e268f544785..7550994490a5ffe93f3ae773ddf570c5a3814676 100755
--- a/playbooks/celerity.yml
+++ b/playbooks/nudgis/manager/deploy.yml
@@ -1,14 +1,14 @@
 #!/usr/bin/env ansible-playbook
 ---
-- name: CELERITY SERVER
- hosts: celerity
+- name: "NUDGIS MANAGER"
+ hosts: manager
 roles:
- - celerity
+ - nudgis/manager
 post_tasks:
- - name: configure proxy
+ - name: "Configure proxy"
 when: proxy_apply | d(false)
 ansible.builtin.include_role:
- name: proxy
+ name: system/proxy
 ...
diff --git a/playbooks/nudgis/monitor/client/deploy.yml b/playbooks/nudgis/monitor/client/deploy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7782629a8cd698ced1df7a7e274a2594cc4ba190
--- /dev/null
+++ b/playbooks/nudgis/monitor/client/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "MONITOR CLIENT (MUNIN NODE)"
+ hosts: monitor_client
+ roles:
+ - nudgis/monitor/client
+
+...
diff --git a/playbooks/nudgis/monitor/server/deploy.yml b/playbooks/nudgis/monitor/server/deploy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..72a083065452c567ceb9c78ba34c32b5841ee933
--- /dev/null
+++ b/playbooks/nudgis/monitor/server/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "MONITOR SERVER (WEBMONITOR)"
+ hosts: monitor_server
+ roles:
+ - nudgis/monitor/server
+
+...
diff --git a/playbooks/nudgis/netcapture/deploy.yml b/playbooks/nudgis/netcapture/deploy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3ee8be4e5edd837bad229a2926d001a880381078
--- /dev/null
+++ b/playbooks/nudgis/netcapture/deploy.yml
@@ -0,0 +1,10 @@
+---
+
+- name: "NUDGIS NETCAPTURE"
+ hosts: netcapture
+ gather_facts: false
+ roles:
+ - nudgis/lxc
+ - nudgis/netcapture
+
+...
diff --git a/playbooks/nudgis/postgres/deploy.yml b/playbooks/nudgis/postgres/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..1e63441dd576a809beaa769f0073e0019e34518f
--- /dev/null
+++ b/playbooks/nudgis/postgres/deploy.yml
@@ -0,0 +1,28 @@
+#!/usr/bin/env ansible-playbook
+---
+
+# Install a dedicated postgres for the manager if it is an independant host from the front
+# /!\ If no postgres host_vars are defined for this host, it will reuse the postgres group_vars (potentially the same as the front(s)) /!\
+- name: "POSTGRESQL FOR MANAGER (INDEPENDANT)"
+ hosts: manager
+ roles:
+ - role: nudgis/postgres
+ when: manager_independant
+ vars:
+ database_password: ""
+
+- name: "POSTGRESQL FOR NUDGIS"
+ hosts: postgres
+ roles:
+ - role: nudgis/postgres_ha
+ when: postgres_ha
+ - role: nudgis/postgres
+ when: not postgres_ha
+
+- name: "HAPROXY FOR POSTGRESQL IN HIGH AVALIBILITY"
+ hosts: front
+ roles:
+ - role: nudgis/haproxy
+ when: postgres_ha
+
+...
diff --git a/playbooks/postgres-maintenance.yml b/playbooks/nudgis/postgres/ha/postgres-maintenance.yml
similarity index 100%
rename from playbooks/postgres-maintenance.yml
rename to playbooks/nudgis/postgres/ha/postgres-maintenance.yml
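Review bot: playbooks/nudgis/netcapture/deploy.yml is the only new deploy playbook in this commit without the `#!/usr/bin/env ansible-playbook` first line, and it is added with mode 100644 while its siblings are 100755, so it cannot be run directly like the others. Adding the shebang and marking the file executable keeps the set consistent. Whether `gather_facts: false` is intentional here (the nudgis/lxc and nudgis/netcapture roles may need facts) is not visible from the hunk.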
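Review bot: The `POSTGRESQL FOR MANAGER (INDEPENDANT)` play passes `database_password: ""` to the nudgis/postgres role, and nothing in the hunk says what the role does with an empty value — if it is applied as-is the manager's PostgreSQL ends up with an empty credential, and if it means "generate" or "keep existing" that contract belongs in a comment. A one-line comment above it, e.g. `# empty on purpose: <what the role does with ""> — TODO confirm in the nudgis/postgres role`, makes the intent reviewable; if it really is meant to be a secret it should come from the inventory like the other postgres vars rather than a literal. `manager_independant` and `postgres_ha` are set by site.yml on the `ubicast` group, so this playbook only works when the `manager`, `postgres` and `front` hosts belong to that group; the header comment could state that. The play name `HIGH AVALIBILITY` is misspelled (`HIGH AVAILABILITY`).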
diff --git a/playbooks/postgres-maintenance/fenced_to_standby.yml b/playbooks/nudgis/postgres/ha/postgres-maintenance/fenced_to_standby.yml similarity index 80% rename from playbooks/postgres-maintenance/fenced_to_standby.yml rename to playbooks/nudgis/postgres/ha/postgres-maintenance/fenced_to_standby.yml index ef85ed3644c4bd0f5830ea07a58f70608ffe23e5..b3767d7ed436f0aaecfbe60b8e0cbc32f432759a 100644 --- a/playbooks/postgres-maintenance/fenced_to_standby.yml +++ b/playbooks/nudgis/postgres/ha/postgres-maintenance/fenced_to_standby.yml @@ -1,26 +1,26 @@ #!/usr/bin/env ansible-playbook --- -- name: POSTGRESQL SWITCH CURRENT FENCED TO STANDBY +- name: "POSTGRESQL SWITCH CURRENT FENCED TO STANDBY" hosts: postgres_fenced tasks: - - name: fail if node status if not fenced + - name: "Fail if node status if not fenced" ansible.builtin.fail: msg: Current status {{ rephacheck['stdout'] }} must be fenced. when: rephacheck['stdout'] != "fenced" - - name: stop postgresql + - name: "Stop postgresql" ansible.builtin.systemd: name: postgresql state: stopped - - name: delete postgresql data directory + - name: "Delete postgresql data directory" ansible.builtin.file: path: /var/lib/postgresql/15/main/ state: absent force: true - - name: copy data from primary + - name: "Copy data from primary" ansible.builtin.command: > repmgr -f /etc/postgresql/15/main/repmgr.conf --force --verbose @@ -33,13 +33,13 @@ # TOFIX: it would be better to check for a change in the output changed_when: false - - name: start postgresql + - name: "Start postgresql" ansible.builtin.systemd: name: postgresql state: started when: copy_from_primary is succeeded - - name: register node as standby + - name: "Register node as standby" ansible.builtin.command: repmgr -f /etc/postgresql/15/main/repmgr.conf --force --verbose standby register become: true become_user: postgres 
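Review bot: The rewritten task name `"Fail if node status if not fenced"` keeps the old typo and should read `"Fail if node status is not fenced"`; the same applies to `"Fail if node status if not standby"` in playbooks/nudgis/postgres/ha/postgres-maintenance/standby_to_primary.yml. The guard reads `rephacheck['stdout']`, which no task in this file registers; presumably it comes from rephacheck_status.yml via the parent postgres-maintenance.yml, and a comment above the task saying so would help, since this check is the only thing standing before the data-directory wipe in `Delete postgresql data directory`. The `Copy data from primary` command continues outside the first hunk.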
diff --git a/playbooks/postgres-maintenance/rephacheck_status.yml b/playbooks/nudgis/postgres/ha/postgres-maintenance/rephacheck_status.yml similarity index 78% rename from playbooks/postgres-maintenance/rephacheck_status.yml rename to playbooks/nudgis/postgres/ha/postgres-maintenance/rephacheck_status.yml index 2f21c42b4b305212d2f00c5d939437c338bcbc0b..c52f9249d707760b567308fc698e0431bf28c633 100644 --- a/playbooks/postgres-maintenance/rephacheck_status.yml +++ b/playbooks/nudgis/postgres/ha/postgres-maintenance/rephacheck_status.yml @@ -1,15 +1,15 @@ #!/usr/bin/env ansible-playbook --- -- name: REHACHECK STATUS +- name: "REHACHECK STATUS" hosts: postgres_primary:postgres_standby:postgres_fenced tasks: - - name: get cluster state + - name: "Get cluster state" ansible.builtin.command: rephacheck register: rephacheck changed_when: false - - name: show status for each node + - name: "Show status for each node" ansible.builtin.debug: msg: Current node {{ ansible_hostname }} status {{ rephacheck['stdout'] }} when: rephacheck['stdout'] | length > 0 diff --git a/playbooks/postgres-maintenance/restart_repmgrd.yml b/playbooks/nudgis/postgres/ha/postgres-maintenance/restart_repmgrd.yml similarity index 77% rename from playbooks/postgres-maintenance/restart_repmgrd.yml rename to playbooks/nudgis/postgres/ha/postgres-maintenance/restart_repmgrd.yml index 8cc1dcfe75b7eb16e77877c7d0cedcf52e4e5c42..dd39286e05077560b70ac56183fdd191feb1f7de 100644 --- a/playbooks/postgres-maintenance/restart_repmgrd.yml +++ b/playbooks/nudgis/postgres/ha/postgres-maintenance/restart_repmgrd.yml @@ -1,16 +1,16 @@ #!/usr/bin/env ansible-playbook --- -- name: REPMGRD RESTART +- name: "REPMGRD RESTART" hosts: postgres tasks: - - name: kill repmgrd + - name: "Kill repmgrd" ansible.builtin.command: pkill repmgrd # TOFIX: implement a proper verification changed_when: false failed_when: false - - name: restart repmgrd + - name: "Restart repmgrd" ansible.builtin.systemd: name: repmgrd state: restarted 
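Review bot: The play name `"REHACHECK STATUS"` misspells the `rephacheck` command it wraps; `"REPHACHECK STATUS"` would match the command and the registered variable. In restart_repmgrd.yml the `Kill repmgrd` task keeps `failed_when: false`, so a pkill error is silently accepted before the systemd restart; the existing TOFIX comment already covers that, just noting it survives the rename.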
diff --git a/playbooks/postgres-maintenance/standby_to_primary.yml b/playbooks/nudgis/postgres/ha/postgres-maintenance/standby_to_primary.yml similarity index 80% rename from playbooks/postgres-maintenance/standby_to_primary.yml rename to playbooks/nudgis/postgres/ha/postgres-maintenance/standby_to_primary.yml index 6ec7bc4bf2df03bfe1ad59f2d29da433141238f9..09385c579aa137d576933e62d0fae096574e1a77 100644 --- a/playbooks/postgres-maintenance/standby_to_primary.yml +++ b/playbooks/nudgis/postgres/ha/postgres-maintenance/standby_to_primary.yml @@ -1,15 +1,15 @@ #!/usr/bin/env ansible-playbook --- -- name: POSTGRESQL SWITCH CURRENT STANDBY TO PRIMARY +- name: "POSTGRESQL SWITCH CURRENT STANDBY TO PRIMARY" hosts: postgres_standby tasks: - - name: fail if node status if not standby + - name: "Fail if node status if not standby" ansible.builtin.fail: msg: Current status {{ rephacheck['stdout'] }} must be standby. when: rephacheck['stdout'] != "standby" - - name: check if node is currently in standby + - name: "Check if node is currently in standby" ansible.builtin.command: cmd: repmgr standby switchover -f /etc/postgresql/15/main/repmgr.conf --siblings-follow --dry-run become: true @@ -18,7 +18,7 @@ register: standby_dry_run when: rephacheck['stdout'] == "standby" - - name: switch standby node to primary + - name: "Switch standby node to primary" ansible.builtin.command: cmd: repmgr standby switchover -f /etc/postgresql/15/main/repmgr.conf --siblings-follow become: true diff --git a/playbooks/nudgis/task_management/client/deploy.yml b/playbooks/nudgis/task_management/client/deploy.yml new file mode 100755 index 0000000000000000000000000000000000000000..561a3ac9969752f88d75ed07497ac73f4b3d037b --- /dev/null +++ b/playbooks/nudgis/task_management/client/deploy.yml 
@@ -0,0 +1,14 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "TASK MANAGEMENT CLIENT (WORKER)"
+ hosts: task_management_client
+ roles:
+ - nudgis/task_management/client
+ post_tasks:
+ - name: "Configure proxy"
+ when: proxy_apply | d(false)
+ ansible.builtin.include_role:
+ name: system/proxy
+
+...
diff --git a/playbooks/nudgis/task_management/server/deploy.yml b/playbooks/nudgis/task_management/server/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..5f973641868b51a6d50d4afccbe3fad287eeb306
--- /dev/null
+++ b/playbooks/nudgis/task_management/server/deploy.yml
@@ -0,0 +1,14 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "TASK MANAGEMENT SERVER (CELERITY)"
+ hosts: task_management_server
+ roles:
+ - nudgis/task_management/server
+ post_tasks:
+ - name: "Configure proxy"
+ when: proxy_apply | d(false)
+ ansible.builtin.include_role:
+ name: system/proxy
+
+...
diff --git a/playbooks/tester.yml b/playbooks/nudgis/tester/deploy.yml
similarity index 59%
rename from playbooks/tester.yml
rename to playbooks/nudgis/tester/deploy.yml
index e38acea5066341f0519f5050dcea4cbf1d43ccd4..c9d674b7faa97b72e2db4fe4204732009692db60 100755
--- a/playbooks/tester.yml
+++ b/playbooks/nudgis/tester/deploy.yml
@@ -1,9 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
-- name: Install UbiCast tester
+- name: "UBICAST TESTER"
 hosts: tester
 roles:
- - tester
+ - nudgis/tester
 ...
diff --git a/playbooks/mediavault/add_backup.yml b/playbooks/nudgis/vault/add_backup.yml
similarity index 65%
rename from playbooks/mediavault/add_backup.yml
rename to playbooks/nudgis/vault/add_backup.yml
index 519f9a80a5d19da220f47e323316c8a2fd34acff..8f678aa346f846496a6e961011d3a05269caed21 100755
--- a/playbooks/mediavault/add_backup.yml
+++ b/playbooks/nudgis/vault/add_backup.yml
@@ -1,11 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
-- name: MEDIAVAULT
- hosts: mediavault
- tags: mediavault
+- name: "NUDGIS VAULT"
+ hosts: vault
 tasks:
- - name: Add backup
+ - name: "Add backup"
 ansible.builtin.include_tasks: ressources/add_backup_task.yml
 loop: "{{ vault_backups }}"
diff --git a/playbooks/netcapture.yml b/playbooks/nudgis/vault/deploy.yml
similarity index 54%
rename from playbooks/netcapture.yml
rename to playbooks/nudgis/vault/deploy.yml
index d1244788bcea085a58f36c9e5a2001b56a8afb15..bbbe761f7a3d639967743f555c14f34f764ace29 100755
--- a/playbooks/netcapture.yml
+++ b/playbooks/nudgis/vault/deploy.yml
@@ -1,14 +1,14 @@
 #!/usr/bin/env ansible-playbook
 ---
-- name: NETCAPTURE
- hosts: netcapture
+- name: "NUDGIS VAULT"
+ hosts: vault
 roles:
- - netcapture
+ - nudgis/vault
 post_tasks:
- - name: configure proxy
+ - name: "Configure proxy"
 when: proxy_apply | d(false)
 ansible.builtin.include_role:
- name: proxy
+ name: system/proxy
 ...
diff --git a/playbooks/mediavault/ressources/add_backup_task.yml b/playbooks/nudgis/vault/ressources/add_backup_task.yml
similarity index 80%
rename from playbooks/mediavault/ressources/add_backup_task.yml
rename to playbooks/nudgis/vault/ressources/add_backup_task.yml
index c107f74a27b27d68cef4d3b57b5bbb29bcffaa42..b659b53a8e40fe57263e100bf1e1a534d4dee61a 100644
--- a/playbooks/mediavault/ressources/add_backup_task.yml
+++ b/playbooks/nudgis/vault/ressources/add_backup_task.yml
@@ -1,11 +1,11 @@
 ---
-- name: get {{ item.name }} backup information
+- name: "Get backup information - {{ item.name }}"
 ansible.builtin.stat:
 path: "{{ item.dest }}/backup.marker"
 register: backup_marker
-- name: create {{ item.name }} backup
+- name: "Create backup - {{ item.name }}"
 ansible.builtin.command:
 cmd: mediavaultctl add --backup-name "{{ item.name }}" --source-folder "{{ item.source }}" --dest-folder "{{ item.dest }}"
 creates: "/etc/systemd/system/mediavault-backup-{{ item.name }}.service"
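Review bot: The `Create backup` task in playbooks/nudgis/vault/ressources/add_backup_task.yml builds one command string from `item.name`, `item.source` and `item.dest`, so the command module re-tokenizes the inventory values and any value containing a quote or whitespace shifts the argument boundaries; the `argv:` form passes each value as exactly one argument. The stat result `backup_marker` registered just above is not read anywhere in the hunk, so either a `when: not backup_marker.stat.exists` guard was intended on this task or the stat can go. `item.name` also lands in the `creates:` path, so a name with a `/` would change which unit file is checked — presumably the inventory constrains that, but it is not visible here.

```yaml
- name: "Create backup - {{ item.name }}"
  ansible.builtin.command:
    argv:
      - mediavaultctl
      - add
      - --backup-name
      - "{{ item.name }}"
      - --source-folder
      - "{{ item.source }}"
      - --dest-folder
      - "{{ item.dest }}"
    creates: "/etc/systemd/system/mediavault-backup-{{ item.name }}.service"
```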
diff --git a/playbooks/postgres-ha.yml b/playbooks/postgres-ha.yml
deleted file mode 100755
index 5ea790facd59d92f2287112a935b7dae8f63d906..0000000000000000000000000000000000000000
--- a/playbooks/postgres-ha.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-- name: POSTGRES HA
- hosts: postgres
- pre_tasks:
- - name: check that repmgr_node_id is set
- ansible.builtin.assert:
- that: repmgr_node_id != ""
- quiet: true
- - name: check that repmgr_primary_node is set
- ansible.builtin.assert:
- that: repmgr_primary_node != ""
- quiet: true
- - name: install psycopg2
- ansible.builtin.apt:
- force_apt_get: true
- install_recommends: false
- name: python3-psycopg2
- register: apt_status
- retries: 60
- until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
- roles:
- - postgres-ha
-
-- name: POSTGRES HA CLIENTS
- hosts: mediaserver
- # pre_tasks:
- # - name: check that haproxy is configured
- # ansible.builtin.assert:
- # that: hap_config_listen != ""
- # quiet: true
- roles:
- - haproxy
-
-...
diff --git a/playbooks/postgres.yml b/playbooks/postgres.yml
deleted file mode 100755
index 778212133a9b024764e2b1e4388a3e452003cdef..0000000000000000000000000000000000000000
--- a/playbooks/postgres.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-
-- name: POSTGRESQL
- hosts: postgres
- roles:
- - postgres
- post_tasks:
- - name: configure proxy
- when: proxy_apply | d(false)
- ansible.builtin.include_role:
- name: proxy
-
-...
diff --git a/playbooks/site.yml b/playbooks/site.yml
index dc158cbc15e1b8cd018993e96b7e4fca84376a8f..69ced08b26d9062c7a1f216f90adc630551d71d2 100755
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -1,53 +1,54 @@
 #!/usr/bin/env ansible-playbook
 ---
-- name: PYTHON
+- name: "PYTHON"
 hosts: all
 gather_facts: false
 tasks:
- - name: ensure python3 is installed
+ - name: "Ensure python3 is installed"
 register: python_install
 changed_when: "'es_pyinstall' in python_install.stdout_lines"
 ansible.builtin.raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt iproute2
-# Should be in a installation role (see #39283)
-- name: UPDATE PACKAGES
- hosts: base
+# SYSTEM PLAYBOOKS
+# - import_playbook: system/proxy/deploy.yml
+- import_playbook: system/repository/deploy.yml
+- import_playbook: system/unattended_upgrades/deploy.yml # need repo (for ubicast unattended)
+- import_playbook: system/misc/deploy.yml
+- import_playbook: system/user/deploy.yml # need misc (for sudo bin)
+- import_playbook: system/ssh/deploy.yml # need user (for ssh keys) and repo (for ubicast keys)
+- import_playbook: system/localisation/deploy.yml
+- import_playbook: system/ntp/deploy.yml
+- import_playbook: system/postfix/deploy.yml
+- import_playbook: system/fail2ban/deploy.yml
+- import_playbook: system/nftables/deploy.yml
+
+# Check inventory for deployment specificities
+- name: "PREPARE DEPLOYMENT VARS"
+ hosts: ubicast
 gather_facts: false
- tags: install
+ tags: always
 tasks:
- - name: Update apt cache
- apt:
- update_cache: true
- cache_valid_time: 86400
- changed_when: false
-
-- import_playbook: base.yml
-
-- import_playbook: firewall.yml
-
-- import_playbook: "{{ 'postgres-ha' if groups['postgres']|d('') | length > 1 else 'postgres' }}.yml"
-
-- import_playbook: mirismanager.yml
-
-- import_playbook: celerity.yml
-
-- import_playbook: mediaworker.yml
-
-- import_playbook: mediaserver.yml
-
-- import_playbook: live/live.yml
-
-- import_playbook: mediacache/mediacache.yml
-
-- import_playbook: mediavault/deploy.yml
-
-- import_playbook: mediaimport.yml
-
-- import_playbook: netcapture/netcapture.yml
-
-- import_playbook: monitor/all.yml
-
-- import_playbook: tester.yml
+ - ansible.builtin.set_fact:
+ # See the nudgis/posgres/deploy.yml playbook for details on `postgres_ha` and `manager_independant` variables usage
+ postgres_ha: "{{ true if groups['postgres'] | d('') | length > 1 else false }}"
+ manager_independant: "{{ false if groups['manager'] | d('') | length == 0 or 'front' in hostvars[groups['manager'][0]].group_names else true }}"
+
+# NUDGIS PLAYBOOKS
+- import_playbook: nudgis/task_management/server/deploy.yml
+- import_playbook: nudgis/task_management/client/deploy.yml
+- import_playbook: nudgis/postgres/deploy.yml
+- import_playbook: nudgis/front/deploy.yml
+# manager should be played after the front to deduplicate the postgres installation
+- import_playbook: nudgis/manager/deploy.yml
+- import_playbook: nudgis/live/deploy.yml
+- import_playbook: nudgis/cache/deploy.yml
+- import_playbook: nudgis/vault/deploy.yml
+- import_playbook: nudgis/import/deploy.yml
+- import_playbook: nudgis/netcapture/deploy.yml
+# monitor/client should be played before the server part (facts aggregation reason)
+- import_playbook: nudgis/monitor/client/deploy.yml
+- import_playbook: nudgis/monitor/server/deploy.yml
+- import_playbook: nudgis/tester/deploy.yml
 ...
diff --git a/playbooks/system/fail2ban/deploy.yml b/playbooks/system/fail2ban/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..a44319142ca7f83720fa9c5761f21f63ed7ba9b1
--- /dev/null
+++ b/playbooks/system/fail2ban/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "FAIL2BAN"
+ hosts: ubicast
+ roles:
+ - system/fail2ban
+
+...
diff --git a/playbooks/system/localisation/deploy.yml b/playbooks/system/localisation/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..4d16798b1ec2a96b81f810bbb73257f611eeada5
--- /dev/null
+++ b/playbooks/system/localisation/deploy.yml
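Review bot: The `Ensure python3 is installed` raw command runs `apt update && apt install` on every host on every run, because the shell parses `a || b && c && d` as `(a || b) && c && d`; grouping the install chain, `command -v python3 || { echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt iproute2; }`, makes it run only when python3 is missing (the same line is in playbooks/tests/firewall-rules.yml). The new `PREPARE DEPLOYMENT VARS` play sets `postgres_ha` and `manager_independant` only on `ubicast` hosts, while nudgis/postgres/deploy.yml later tests them on the `postgres`, `front` and `manager` groups; if any of those hosts sits outside `ubicast` the conditionals hit an undefined variable, so a comment stating that `ubicast` must contain all of them is worth adding. Both facts can be plain boolean expressions, `postgres_ha: "{{ groups['postgres'] | d([]) | length > 1 }}"`, instead of the `true if … else false` form. The comment above the set_fact points at `nudgis/posgres/deploy.yml`; the path is `nudgis/postgres/deploy.yml`.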
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "LOCALISATION"
+ hosts: ubicast
+ roles:
+ - system/localisation
+
+...
diff --git a/playbooks/system/misc/deploy.yml b/playbooks/system/misc/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..5ac32bf0b563ceb70f8180b4abe2413db604224c
--- /dev/null
+++ b/playbooks/system/misc/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "SYSTEM MISC."
+ hosts: ubicast
+ roles:
+ - system/misc
+
+...
diff --git a/playbooks/system/nftables/deploy.yml b/playbooks/system/nftables/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..c0b5c30472e2fc2a0126d992881b506a37624d13
--- /dev/null
+++ b/playbooks/system/nftables/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "NFTABLES"
+ hosts: ubicast
+ roles:
+ - system/nftables
+
+...
diff --git a/playbooks/base.yml b/playbooks/system/ntp/deploy.yml
similarity index 51%
rename from playbooks/base.yml
rename to playbooks/system/ntp/deploy.yml
index 207aae30a1fb77634b01cef49f21c535f95d9c29..b1b40d8f7ec18a56d17ed01d4dffe0d43d2c13e1 100755
--- a/playbooks/base.yml
+++ b/playbooks/system/ntp/deploy.yml
@@ -1,9 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
-- name: BASE
- hosts: base
+- name: "NTP"
+ hosts: ubicast
 roles:
- - base
+ - system/ntp
 ...
diff --git a/playbooks/system/postfix/deploy.yml b/playbooks/system/postfix/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..1ccbf35794d3f083181c6eabad9c2142dff1f8de
--- /dev/null
+++ b/playbooks/system/postfix/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "POSTFIX"
+ hosts: ubicast
+ roles:
+ - system/postfix
+
+...
diff --git a/playbooks/system/repository/deploy.yml b/playbooks/system/repository/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..7d9fbd4b79072a29fafb880fe6bcbb767b00ec8b
--- /dev/null
+++ b/playbooks/system/repository/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "REPOSITORY"
+ hosts: ubicast
+ roles:
+ - system/repository
+
+...
diff --git a/playbooks/system/ssh/deploy.yml b/playbooks/system/ssh/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..c4f5de3bbb0b971f1351707abd5d9d86b9ecdb8c
--- /dev/null
+++ b/playbooks/system/ssh/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "SSH CLIENT AND SERVER"
+ hosts: ubicast
+ roles:
+ - system/ssh
+
+...
diff --git a/playbooks/system/unattended_upgrades/deploy.yml b/playbooks/system/unattended_upgrades/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..87b37dfabdb25e9f366f07806b7c3cadc2f3d266
--- /dev/null
+++ b/playbooks/system/unattended_upgrades/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "UNATTENDED UPGRADES"
+ hosts: ubicast
+ roles:
+ - system/unattended_upgrades
+
+...
diff --git a/playbooks/system/user/deploy.yml b/playbooks/system/user/deploy.yml
new file mode 100755
index 0000000000000000000000000000000000000000..c07efa089b90a256ac1a03cab5bd235303710d2a
--- /dev/null
+++ b/playbooks/system/user/deploy.yml
@@ -0,0 +1,9 @@
+#!/usr/bin/env ansible-playbook
+---
+
+- name: "SYSTEM USER"
+ hosts: ubicast
+ roles:
+ - system/user
+
+...
diff --git a/playbooks/tests/data-partition.yml b/playbooks/tests/data-partition.yml
index f2c8c8abcbb9c83ad691a42b8c68245ce85bfa8f..77aff02507dfb50a300ce0c5dda9496afe2b1470 100755
--- a/playbooks/tests/data-partition.yml
+++ b/playbooks/tests/data-partition.yml
@@ -1,68 +1,68 @@ #!/usr/bin/env ansible-playbook --- -- name: TEST DATA PARTITION +- name: "TEST DATA PARTITION" hosts: mediaserver gather_facts: false tasks: - - name: verify /data partition existence + - name: "Verify /data partition existence" ansible.builtin.command: findmnt /data register: data_exist failed_when: false changed_when: false # /data exist - - name: Verify if /data exist + - name: "Verify if /data exist" when: data_exist.rc == 0 block: - - name: get /data size + - name: "Get /data size" ansible.builtin.command: df -BG /data --output=size | tail -n1 | grep -o '[0-9]*' register: data_size failed_when: false changed_when: false - - name: print size + - name: "Print size" ansible.builtin.debug: msg: /data size is {{ data_size.stdout }}G - - name: create a test directory in /data + - name: "Create a test directory in /data" # noqa: ignore-errors ansible.builtin.file: path: /data/test state: directory mode: "0755" owner: nobody group: nogroup - ignore_errors: true # noqa ignore-errors + ignore_errors: true changed_when: false - - name: create a test file in /data + - name: "Create a test file in /data" # noqa: ignore-errors ansible.builtin.file: state: touch path: /data/test/file mode: "0644" owner: nobody group: nogroup - ignore_errors: true # noqa ignore-errors + ignore_errors: true become: true become_method: ansible.builtin.sudo become_user: nobody changed_when: false # /data missing - - name: Verify if /home is big enough + - name: "Verify if /home is big enough" when: data_exist.rc != 0 block: - - name: get /home size + - name: "Get /home size" ansible.builtin.command: df -BG /home --output=size | tail -n1 | grep -o '[0-9]*' register: home_size failed_when: false changed_when: false - - name: verify size + - name: "Verify size" # noqa: ignore-errors ansible.builtin.debug: msg: /home size is too short ({{ home_size.stdout }}G < 200G) when: home_size.stdout | int < 200 - ignore_errors: true # noqa ignore-errors + ignore_errors: true failed_when: 
true ... diff --git a/playbooks/tests/exec-tester.yml b/playbooks/tests/exec-tester.yml index 8c22df2f3f4df02368e9b47026b74057ef7e6114..f060cac89061d74c6511dcc1bd4c4e6c2f408a87 100755 --- a/playbooks/tests/exec-tester.yml +++ b/playbooks/tests/exec-tester.yml @@ -1,24 +1,13 @@ #!/usr/bin/env ansible-playbook --- -- name: RUN TESTER - hosts: all - tags: tester +- hosts: tester gather_facts: false - vars: - tester_reset_log: false tasks: - - name: remove envsetup tester log - when: tester_reset_log - ansible.builtin.file: - path: /root/envsetup/tests/logs/tester_pb.log - state: absent - - name: envsetup tester - ansible.builtin.shell: - cmd: | - set -o pipefail - python3 /root/envsetup/tests/tester.py 2>&1 | tee /root/envsetup/tests/logs/tester_pb.log - creates: /root/envsetup/tests/logs/tester_pb.log - executable: /bin/bash + - name: "Launching the ubicast-tester" + ansible.builtin.command: ubicast-tester --verbose --extended + register: tester_result + failed_when: tester_result.rc != 0 + changed_when: false ... diff --git a/playbooks/tests/firewall-rules.yml b/playbooks/tests/firewall-rules.yml index c1557f8d7d926f679b184a8bbfed82374a280788..515d8df745656f21ba354358cc2948652b2acbf4 100755 --- a/playbooks/tests/firewall-rules.yml +++ b/playbooks/tests/firewall-rules.yml 
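Review bot: The `Get /data size` and `Get /home size` tasks run a pipeline (`df -BG … --output=size | tail -n1 | grep -o '[0-9]*'`) through `ansible.builtin.command`, which does not invoke a shell, so `|`, `tail` and `grep` are handed to `df` as arguments; with `failed_when: false` the error is hidden, `data_size.stdout` and `home_size.stdout` stay empty, and `home_size.stdout | int < 200` is then always true. Switching those two tasks to `ansible.builtin.shell:` with `args: executable: /bin/bash` and a `set -o pipefail;` prefix makes the pipeline actually run and fail visibly. The `Verify size` debug task with `failed_when: true` plus `ignore_errors: true` is a reasonable way to surface the result, but only once the size it reports is real.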
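Review bot: `failed_when: tester_result.rc != 0` on the `Launching the ubicast-tester` task restates the command module's default failure rule and can be dropped, and the registered `tester_result` is never shown, so a failing run only surfaces the raw module error; an `ansible.builtin.debug:` with `var: tester_result.stdout_lines` after it would keep the tester report in the play output. The play also lost its name in the rewrite (`name[play]` is on the lint skip list, but `- name: "UBICAST TESTER"` would match the other playbooks).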
@@ -1,24 +1,24 @@ #!/usr/bin/env ansible-playbook --- -- name: GATHER ALL FACTS +- name: "GATHER ALL FACTS" hosts: all tasks: - - name: ensure python3 is installed + - name: "Ensure python3 is installed" register: python_install changed_when: "'es_pyinstall' in python_install.stdout_lines" ansible.builtin.raw: command -v python3 || echo es_pyinstall && apt update && apt install -y python3-minimal python3-apt iproute2 tags: always -- name: SET PORTS TO LISTEN +- name: "SET PORTS TO LISTEN" hosts: all gather_facts: false tasks: - - name: Set vars + - name: "Set vars" ansible.builtin.include_vars: file: ressources/firewall/rules.yml - - name: listen ports + - name: "Listen ports" ansible.builtin.include_tasks: ressources/firewall/listen.yml # loop over listen vars (named outer_item) and call firewall-listen loop: "{{ listen }}" @@ -27,15 +27,15 @@ # execute loop only when group exists and host is in listen.groupname when: (outer_item.groupname in groups) and (inventory_hostname in groups[outer_item.groupname]) -- name: TEST FIREWALL RULES +- name: "TEST FIREWALL RULES" hosts: all gather_facts: false tasks: - - name: Set vars + - name: "Set vars" ansible.builtin.include_vars: file: ressources/firewall/rules.yml - - name: test rules + - name: "Test rules" ansible.builtin.include_tasks: ressources/firewall/test-rule.yml # loop over listen vars (named outer_item) and call firewall-listen loop: "{{ test }}" diff --git a/playbooks/tests/ressources/firewall/listen.yml b/playbooks/tests/ressources/firewall/listen.yml index c52f31da30bb3b8a2b67241c60deb178a286443c..0b940f5810e21fa414270c19ac961f68f320b679 100644 --- a/playbooks/tests/ressources/firewall/listen.yml +++ b/playbooks/tests/ressources/firewall/listen.yml 
@@ -1,12 +1,12 @@ --- -- name: Print debug +- name: "Print debug" ansible.builtin.debug: msg: On {{ outer_item.groupname }} server(s) put {{ outer_item.ports }} port(s) in listen mode -- name: put port {{ item }} in listen mode +- name: "Put port in listen mode - {{ item }}" # noqa: ignore-errors ansible.builtin.shell: nohup timeout 300 nc -lp {{ item }} >/dev/null 2>&1 & - ignore_errors: true # noqa ignore-errors + ignore_errors: true loop: "{{ outer_item.ports }}" changed_when: false diff --git a/playbooks/tests/ressources/firewall/test-rule.yml b/playbooks/tests/ressources/firewall/test-rule.yml index 06e2c22a9105a720a7a12ecba46ddcc9c90ad08f..4f73bced4f1a119f3a7fff09a2d8ec28a066b277 100644 --- a/playbooks/tests/ressources/firewall/test-rule.yml +++ b/playbooks/tests/ressources/firewall/test-rule.yml 
@@ -1,45 +1,45 @@ --- # test rules with direct hosts destination -- name: Test host rules +- name: "Test host rules" when: outer_item.hosts_dst is defined block: - - name: Print debug + - name: "Print debug" ansible.builtin.debug: msg: Test rule from {{ outer_item.groupname_src }} to {{ outer_item.hosts_dst }} on {{ outer_item.ports }} port(s) - - name: Test port + - name: "Test port" # noqa: ignore-errors ansible.builtin.command: nc -zv {{ item.0 }} {{ item.1 }} - ignore_errors: true # noqa ignore-errors + ignore_errors: true loop: "{{ outer_item.hosts_dst | product(outer_item.ports) | list }}" when: proxy is not defined changed_when: false - - name: Test port with proxy + - name: "Test port with proxy" # noqa: ignore-errors ansible.builtin.command: nc -x {{ proxy }} -X Connect -zv {{ item.0 }} {{ item.1 }} - ignore_errors: true # noqa ignore-errors + ignore_errors: true loop: "{{ outer_item.hosts_dst | product(outer_item.ports) | list }}" when: proxy is defined changed_when: false # test rules with ansible group destination -- name: Test host group rules +- name: "Test host group rules" when: outer_item.groupname_dst is defined block: - - name: Print debug + - name: "Print debug" ansible.builtin.debug: msg: Test rule from {{ outer_item.groupname_src }} to {{ outer_item.groupname_dst }} on {{ outer_item.ports }} port(s) - - name: Test port + - name: "Test port" # noqa: ignore-errors ansible.builtin.command: nc -zv {{ item.0 }} {{ item.1 }} - ignore_errors: true # noqa ignore-errors + ignore_errors: true loop: "{{ groups[outer_item.groupname_dst] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | product(outer_item.ports) | list }}" when: proxy is not defined changed_when: false - - name: Test port with proxy + - name: "Test port with proxy" # noqa: ignore-errors ansible.builtin.command: nc -x {{ proxy }} -X Connect -zv {{ item.0 }} {{ item.1 }} - ignore_errors: true # noqa ignore-errors + ignore_errors: true loop: "{{ 
groups[outer_item.groupname_dst] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list | product(outer_item.ports) | list }}" when: proxy is defined changed_when: false diff --git a/roles/base/README.md b/roles/base/README.md deleted file mode 100644 index 2a3aab54ae8202345f925c1a90e39f3244da1b36..0000000000000000000000000000000000000000 --- a/roles/base/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Base -## Description - -The base group is a meta-group used only to group together the various dependencies required by UbiCast solutions. - - This group is only meant to be used as a meta group (see for instance meta groups section in the [standard example inventory](../../inventories/example/std/hosts) or [HA example inventory](../../inventories/example/ha/hosts)). - You should also look at the metagroups of base to fill out the variables in your inventory: [init](../init/README.md), [sysconfig](../sysconfig/README.md), [sysuser](../sysuser/README.md), [postfix](../postfix/README.md), [fail2ban](../fail2ban/README.md). diff --git a/roles/base/meta/main.yml b/roles/base/meta/main.yml deleted file mode 100644 index cb50f1f076f5c17b9808166729a6241a6d1bc147..0000000000000000000000000000000000000000 --- a/roles/base/meta/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -dependencies: - - role: sysconfig - - role: sysuser - - role: postfix - - role: fail2ban - -... diff --git a/roles/celerity/tasks/base.yml b/roles/celerity/tasks/base.yml deleted file mode 100644 index fb96aaff0d855ecacec4c0a0699a29ed0e7f81c9..0000000000000000000000000000000000000000 --- a/roles/celerity/tasks/base.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] - -... diff --git a/roles/letsencrypt/defaults/main.yml b/roles/letsencrypt/defaults/main.yml deleted file mode 100644 index 0c0c93a64029a5c4d55a1b9c5f40037077a90410..0000000000000000000000000000000000000000 --- a/roles/letsencrypt/defaults/main.yml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- - -# List the domain to configure with a let's encrypt certificate. If an empty list is provided, every domain found in nginx is configured. -letsencrypt_domains: [] - -# Email of the Let's Encrypt SSL certificates administrator(s) -letsencrypt_email: "admin@example.com" - -# Default Let's Encrypt web root folder for challenges publication -letsencrypt_webroot: "/var/www/letsencrypt" - -... diff --git a/roles/letsencrypt/tasks/configure/letsencrypt-configure.yml b/roles/letsencrypt/tasks/configure/letsencrypt-configure.yml deleted file mode 100644 index 2cc4c3b4777fd6190e8c73d4013caec4d9df697e..0000000000000000000000000000000000000000 --- a/roles/letsencrypt/tasks/configure/letsencrypt-configure.yml +++ /dev/null 
@@ -1,127 +0,0 @@ ---- - -- name: get all server_name values - when: letsencrypt_domains == [] - changed_when: false - register: letsencryt_nginx_output - ansible.builtin.shell: - executable: /bin/bash - cmd: > - set -o pipefail; - nginx -T 2>&1 | grep -v localhost | grep -P '^\s+server_name\s+.*;$' | sed -r 's/\s+server_name\s+(.*);/\1/' | uniq - -- name: save result as list - when: letsencrypt_domains == [] - ansible.builtin.set_fact: - letsencrypt_domains: "{{ letsencryt_nginx_output.stdout.split() }}" - -- name: save domains list in a file - register: letsencrypt_save_list - ansible.builtin.copy: - dest: /etc/letsencrypt/domains.txt - content: | - {% for domain in letsencrypt_domains %} - {{ domain }} - {% endfor %} - mode: "644" - -- name: create webroot directory - ansible.builtin.file: - path: "{{ letsencrypt_webroot }}" - state: directory - mode: "755" - -- name: create pre hook directory - ansible.builtin.file: - path: /etc/letsencrypt/renewal-hooks/pre - state: directory - mode: "755" - -- name: create pre hook script - ansible.builtin.copy: - dest: /etc/letsencrypt/renewal-hooks/pre/mkdir - mode: "0755" - content: | - #!/usr/bin/env bash - CERTBOT_DOCROOT=/var/www/letsencrypt - mkdir -p "$CERTBOT_DOCROOT" - chmod 755 "$CERTBOT_DOCROOT" - -- name: create deploy hook directory - ansible.builtin.file: - path: /etc/letsencrypt/renewal-hooks/deploy - state: directory - mode: "755" - -- name: create deploy hook script - ansible.builtin.copy: - dest: /etc/letsencrypt/renewal-hooks/deploy/nginx - mode: "0755" - content: | - #!/usr/bin/env bash - systemctl reload nginx - -- name: test generate certificates - when: - - letsencrypt_domains != [] - - letsencrypt_save_list is changed - register: letsencrypt_dry_run - ignore_errors: true - changed_when: false - ansible.builtin.command: - cmd: > - certbot certonly - --dry-run - -n --agree-tos -m {{ letsencrypt_email }} - --webroot -w {{ letsencrypt_webroot }} - --expand - -d {{ letsencrypt_domains | join(',') }} - -- 
name: remove domains list file in case of failure - when: letsencrypt_dry_run is failed - ansible.builtin.file: - path: "{{ letsencrypt_save_list.dest }}" - state: absent - -- name: exit in case of failure - when: letsencrypt_dry_run is failed - ansible.builtin.fail: - -- name: generate certificates - notify: restart nginx - when: - - letsencrypt_domains != [] - - letsencrypt_save_list is changed - - letsencrypt_dry_run is succeeded - ansible.builtin.command: - cmd: > - certbot certonly - -n --agree-tos -m {{ letsencrypt_email }} - --webroot -w {{ letsencrypt_webroot }} - --expand - -d {{ letsencrypt_domains | join(',') }} - creates: "/etc/letsencrypt/live/{{ letsencrypt_domains[0] }}/privkey.pem" - -- name: update nginx certificate configuration - when: - - letsencrypt_domains != [] - - letsencrypt_save_list is changed - - letsencrypt_dry_run is succeeded - notify: restart nginx - ansible.builtin.lineinfile: - path: /etc/nginx/conf.d/ssl_certificate.conf - regexp: 'ssl_certificate\s+([\w/\-\_\.]+);' - line: ssl_certificate /etc/letsencrypt/live/{{ letsencrypt_domains[0] }}/fullchain.pem; - -- name: update nginx certificate key configuration - when: - - letsencrypt_domains != [] - - letsencrypt_save_list is changed - - letsencrypt_dry_run is succeeded - notify: restart nginx - ansible.builtin.lineinfile: - path: /etc/nginx/conf.d/ssl_certificate.conf - regexp: 'ssl_certificate_key\s+([\w/\-\_\.]+);' - line: ssl_certificate_key /etc/letsencrypt/live/{{ letsencrypt_domains[0] }}/privkey.pem; - -... diff --git a/roles/live/handlers/main.yml b/roles/live/handlers/main.yml deleted file mode 100644 index 322ea71e2753a8bffc67694b3fabe15584dfca63..0000000000000000000000000000000000000000 --- a/roles/live/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- - -- name: restart nginx - ansible.builtin.systemd: - name: nginx - state: restarted - -- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing] - -... 
diff --git a/roles/mediacache/handlers/main.yml b/roles/mediacache/handlers/main.yml
deleted file mode 100644
index 322ea71e2753a8bffc67694b3fabe15584dfca63..0000000000000000000000000000000000000000
--- a/roles/mediacache/handlers/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: restart nginx
- ansible.builtin.systemd:
- name: nginx
- state: restarted
-
-- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing]
-
-...
diff --git a/roles/mediaimport/README.md b/roles/mediaimport/README.md
deleted file mode 100644
index 93cc3fcef0b99daa564a971ffdb3ba3ffc1ff6c3..0000000000000000000000000000000000000000
--- a/roles/mediaimport/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Mediaimport
-## Description
-
-The Nudgis import group is used to configure all hosts that allow video to be added to the Nudgis platform via an upload (sftp, ftp(s)).
diff --git a/roles/mediaserver/handlers/main.yml b/roles/mediaserver/handlers/main.yml
deleted file mode 100644
index 3789fc1433e5123aaed47cd14bb61298093a5dd1..0000000000000000000000000000000000000000
--- a/roles/mediaserver/handlers/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-
-- name: restart nginx
- ansible.builtin.systemd:
- name: nginx
- state: restarted
-
-- name: restart mediaserver
- ansible.builtin.systemd:
- name: mediaserver
- state: restarted
-
-- name: restart systemd-sysusers
- ansible.builtin.systemd:
- name: systemd-sysusers
- state: restarted
-
-- import_tasks: ../../shared/handlers/munin-node.yml # noqa: name[missing]
-- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing]
-
-...
diff --git a/roles/mediaserver/meta/main.yml b/roles/mediaserver/meta/main.yml
deleted file mode 100644
index 2701f919f7160bff311e0febff5623ebb28dc1f7..0000000000000000000000000000000000000000
--- a/roles/mediaserver/meta/main.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-dependencies:
- - role: nginx
- - when: groups['postgres'] | length > 1
- role: haproxy
-
-...
diff --git a/roles/mediaserver/tasks/configure/synchronize.yml b/roles/mediaserver/tasks/configure/synchronize.yml
deleted file mode 100644
index 887d928d69f1a455910489888fb55b9f96aedd4a..0000000000000000000000000000000000000000
--- a/roles/mediaserver/tasks/configure/synchronize.yml
+++ /dev/null
@@ -1,67 +0,0 @@ ---- - -- name: fetch ssh public key - register: root_ssh_pubkey - ansible.builtin.slurp: - path: /root/.ssh/id_ed25519.pub - tags: always - -- name: register ssh public key as an ansible fact - ansible.builtin.set_fact: - pubkey: "{{ root_ssh_pubkey['content'] | b64decode }}" - tags: always - -- name: share ssh public key between cluster members - loop: "{{ groups['mediaserver'] }}" - ansible.posix.authorized_key: - user: root - key: "{{ hostvars[item]['pubkey'] }}" - tags: always - -- name: synchronize configuration between servers # noqa command-instead-of-module - # Cannot use the ansible synchronization module, cause there is no way to set a destination IP intead of the destination ansible hostname - # noqa command-instead-of-module = warn to use the synchronization module instead of rsync in the command module - when: - - inventory_hostname != groups['mediaserver'][0] - loop: - - /etc/mediaserver - - /etc/nginx - - /etc/sysusers.d - - /var/www - ansible.builtin.command: | - rsync \ - -avh \ - -e "ssh -o StrictHostKeyChecking=no" \ - --delete \ - "{{ item }}/" \ - "root@{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ item }}/" - notify: - - restart systemd-sysusers - - restart nginx - - restart mediaserver - delegate_to: "{{ groups['mediaserver'][0] }}" - changed_when: false - tags: mediaserver-synchronize - -- name: synchronize letsencrypt configuration between servers # noqa command-instead-of-module - # Cannot use the ansible synchronization module, cause there is no way to set a destination IP intead of the destination ansible hostname - # noqa command-instead-of-module = warn to use the synchronization module instead of rsync in the command module - when: - - inventory_hostname != groups['mediaserver'][0] - - letsencrypt_enabled | d(false) - loop: - - /etc/letsencrypt - ansible.builtin.command: | - rsync \ - -avh \ - -e "ssh -o StrictHostKeyChecking=no" \ - --delete \ - "{{ item }}/" \ - "root@{{ 
hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ item }}/" - notify: - - restart nginx - delegate_to: "{{ groups['mediaserver'][0] }}" - changed_when: false - tags: mediaserver-synchronize - -... diff --git a/roles/mediaserver/tasks/main.yml b/roles/mediaserver/tasks/main.yml deleted file mode 100644 index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000 --- a/roles/mediaserver/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- - -- name: INSTALL - ansible.builtin.include_tasks: - file: "install.yml" - apply: - become: true - tags: - - install - tags: - - always - -- name: BASE CONFIGURATION - ansible.builtin.include_tasks: - file: "base.yml" - apply: - become: true - tags: - - base - tags: - - always - -- name: CONFIGURE - ansible.builtin.include_tasks: - file: "configure.yml" - apply: - become: true - tags: - - configure - tags: - - always - -... diff --git a/roles/mediavault/tasks/main.yml b/roles/mediavault/tasks/main.yml deleted file mode 100644 index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000 --- a/roles/mediavault/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- - -- name: INSTALL - ansible.builtin.include_tasks: - file: "install.yml" - apply: - become: true - tags: - - install - tags: - - always - -- name: BASE CONFIGURATION - ansible.builtin.include_tasks: - file: "base.yml" - apply: - become: true - tags: - - base - tags: - - always - -- name: CONFIGURE - ansible.builtin.include_tasks: - file: "configure.yml" - apply: - become: true - tags: - - configure - tags: - - always - -... diff --git a/roles/mirismanager/meta/main.yml b/roles/mirismanager/meta/main.yml deleted file mode 100644 index e4e6ff5f9a0567dd1c34ebf8333a45d11edce5d4..0000000000000000000000000000000000000000 --- a/roles/mirismanager/meta/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- - -dependencies: - - role: nginx - - when: "'postgres' in group_names" - role: postgres - -... 
diff --git a/roles/mirismanager/tasks/main.yml b/roles/mirismanager/tasks/main.yml
deleted file mode 100644
index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000
--- a/roles/mirismanager/tasks/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-
-- name: INSTALL
- ansible.builtin.include_tasks:
- file: "install.yml"
- apply:
- become: true
- tags:
- - install
- tags:
- - always
-
-- name: BASE CONFIGURATION
- ansible.builtin.include_tasks:
- file: "base.yml"
- apply:
- become: true
- tags:
- - base
- tags:
- - always
-
-- name: CONFIGURE
- ansible.builtin.include_tasks:
- file: "configure.yml"
- apply:
- become: true
- tags:
- - configure
- tags:
- - always
-
-...
diff --git a/roles/monitor/msmonitor/defaults/main.yml b/roles/monitor/msmonitor/defaults/main.yml
deleted file mode 100644
index c1060c49606da6b6f2946ca801f9ff7428ded726..0000000000000000000000000000000000000000
--- a/roles/monitor/msmonitor/defaults/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-
-# Defines the default domain for monitor
-monitor_domain: "monitor.example.com"
-
-# Password for the webmonitor ubicast user
-monitor_user_ubicast_password: "changeit"
-
-# Password for the webmonitor admin user
-monitor_user_admin_password: "changeit"
-
-...
diff --git a/roles/monitor/msmonitor/handlers/main.yml b/roles/monitor/msmonitor/handlers/main.yml
deleted file mode 100644
index 369583e47bd52a0a8a94e6c834dcf475675abd57..0000000000000000000000000000000000000000
--- a/roles/monitor/msmonitor/handlers/main.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-
-- name: restart nginx
- ansible.builtin.service:
- name: nginx
- state: restarted
-
-- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing]
-
-...
diff --git a/roles/monitor/msmonitor/tasks/main.yml b/roles/monitor/msmonitor/tasks/main.yml
deleted file mode 100644
index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000
--- a/roles/monitor/msmonitor/tasks/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@ ---- - -- name: INSTALL - ansible.builtin.include_tasks: - file: "install.yml" - apply: - become: true - tags: - - install - tags: - - always - -- name: BASE CONFIGURATION - ansible.builtin.include_tasks: - file: "base.yml" - apply: - become: true - tags: - - base - tags: - - always - -- name: CONFIGURE - ansible.builtin.include_tasks: - file: "configure.yml" - apply: - become: true - tags: - - configure - tags: - - always - -... diff --git a/roles/monitor/munin_node/handlers/main.yml b/roles/monitor/munin_node/handlers/main.yml deleted file mode 100644 index c57c008ad4979a2c9caceed733170a4c4944f85d..0000000000000000000000000000000000000000 --- a/roles/monitor/munin_node/handlers/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- - -- import_tasks: ../../shared/handlers/munin-node.yml # noqa: name[missing] -- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing] - -... diff --git a/roles/monitor/munin_node/tasks/base.yml b/roles/monitor/munin_node/tasks/base.yml deleted file mode 100644 index fb96aaff0d855ecacec4c0a0699a29ed0e7f81c9..0000000000000000000000000000000000000000 --- a/roles/monitor/munin_node/tasks/base.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] - -... diff --git a/roles/monitor/munin_node/tasks/main.yml b/roles/monitor/munin_node/tasks/main.yml deleted file mode 100644 index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000 --- a/roles/monitor/munin_node/tasks/main.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- - -- name: INSTALL - ansible.builtin.include_tasks: - file: "install.yml" - apply: - become: true - tags: - - install - tags: - - always - -- name: BASE CONFIGURATION - ansible.builtin.include_tasks: - file: "base.yml" - apply: - become: true - tags: - - base - tags: - - always - -- name: CONFIGURE - ansible.builtin.include_tasks: - file: "configure.yml" - apply: - become: true - tags: - - configure - tags: - - always - -... diff --git a/roles/monitor/munin_server/README.md b/roles/monitor/munin_server/README.md deleted file mode 100644 index ef6ed29a48ee3230c8105e8cba205cd39e1f7b1d..0000000000000000000000000000000000000000 --- a/roles/monitor/munin_server/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# Munin_server -## Description - -The munin_server group is used to configure all hosts for publishing monitoring data - * In a standard and HA Ubicast case, the host(s) is(are) the same as mediaserver - - This group is only meant to be used as a meta group (see for instance meta groups section in the [standard example inventory](../../inventories/example/std/hosts) or [HA example inventory](../../inventories/example/ha/hosts)). - -## Role Variables - -Available variables are listed below, along with the descriptions and the default values. - -`ubicast_customer_name`: Short name of the customer, with no spaces. This name is used in munin to group the graphs under the same name. -``` -ubicast_customer_name: "example" -``` - -`munin_nodes`: List of munin_nodes with their names and IP (each element of the list is a dictionary with a "name" and a "ip" key) (Optional) -``` -munin_nodes: [] -``` diff --git a/roles/monitor/munin_server/handlers/main.yml b/roles/monitor/munin_server/handlers/main.yml deleted file mode 100644 index d9a776c8d068e850cccc6bce49ce6a03ca50c040..0000000000000000000000000000000000000000 --- a/roles/monitor/munin_server/handlers/main.yml +++ /dev/null 
@@ -1,15 +0,0 @@
----
-
-- name: wait for munin cron to end
- ansible.builtin.wait_for:
- path: /var/run/munin/munin-update.lock
- state: absent
- listen: "restart munin-server"
-
-- name: restart munin_server service
- ansible.builtin.service:
- name: munin
- state: restarted
- listen: "restart munin-server"
-
-...
diff --git a/roles/monitor/munin_server/tasks/base.yml b/roles/monitor/munin_server/tasks/base.yml
deleted file mode 100644
index d305cf71f2c01776bd010899bd63f0378e43480d..0000000000000000000000000000000000000000
--- a/roles/monitor/munin_server/tasks/base.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-
-# Force munin_server restart to avoid default localdomain graph creation after remove
-- name: flush handlers
- ansible.builtin.meta: flush_handlers
-
-- name: remove default localdomain files
- ansible.builtin.file:
- path: /var/cache/munin/www/localdomain
- state: absent
-
-...
diff --git a/roles/monitor/munin_server/tasks/configure.yml b/roles/monitor/munin_server/tasks/configure.yml
deleted file mode 100644
index 2bcca3086f4b6add056245e93a0d409f71e751f2..0000000000000000000000000000000000000000
--- a/roles/monitor/munin_server/tasks/configure.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-- name: CONFIGURE MUNIN-SERVER
- ansible.builtin.include_tasks: "configure/main-configuration.yml"
- when:
- - ubicast_customer_name is defined
-
-...
diff --git a/roles/monitor/munin_server/tasks/install.yml b/roles/monitor/munin_server/tasks/install.yml
deleted file mode 100644
index b156f4c58e930fcb9edaaf22fc78c145d328bbfc..0000000000000000000000000000000000000000
--- a/roles/monitor/munin_server/tasks/install.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-
-- name: install required packages for munin server
- ansible.builtin.apt:
- force_apt_get: true
- install_recommends: false
- state: present
- name: "{{ munin_server_packages }}"
- register: apt_status
- retries: 60
- until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
-
-...
diff --git a/roles/monitor/munin_server/tasks/main.yml b/roles/monitor/munin_server/tasks/main.yml
deleted file mode 100644
index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000
--- a/roles/monitor/munin_server/tasks/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-
-- name: INSTALL
- ansible.builtin.include_tasks:
- file: "install.yml"
- apply:
- become: true
- tags:
- - install
- tags:
- - always
-
-- name: BASE CONFIGURATION
- ansible.builtin.include_tasks:
- file: "base.yml"
- apply:
- become: true
- tags:
- - base
- tags:
- - always
-
-- name: CONFIGURE
- ansible.builtin.include_tasks:
- file: "configure.yml"
- apply:
- become: true
- tags:
- - configure
- tags:
- - always
-
-...
diff --git a/roles/monitor/munin_server/vars/main.yml b/roles/monitor/munin_server/vars/main.yml
deleted file mode 100644
index 6c971875045f3c50288890353e08e2b4f9fb92cd..0000000000000000000000000000000000000000
--- a/roles/monitor/munin_server/vars/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-
-# Packages required for the group
-munin_server_packages:
- - munin
-
-...
diff --git a/roles/netcapture/tasks/configure.yml b/roles/netcapture/tasks/configure.yml
deleted file mode 100644
index 4abd6f7e69542ece4e3ef6fec96dce31a9de1e5c..0000000000000000000000000000000000000000
--- a/roles/netcapture/tasks/configure.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-
-- name: MAIN NETCAPTURE CONFIGURATION FILE
- ansible.builtin.include_tasks: "configure/main-configure.yml"
- when:
- - netcapture_mm_url is defined
- - netcapture_mm_ssl is defined
-
-...
diff --git a/roles/nftables/README.md b/roles/nftables/README.md deleted file mode 100644 index 8632dd85f1657644a2df3f82c6612caeba1fbdc4..0000000000000000000000000000000000000000 --- a/roles/nftables/README.md +++ /dev/null @@ -1,4 +0,0 @@ -# Nftables -## Description - -Install and configure the nftables firewall diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml deleted file mode 100644 index 5489c96f5fdafb340fd2c1d566cb768977d6e6f9..0000000000000000000000000000000000000000 --- a/roles/nginx/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- - -- name: INSTALL - ansible.builtin.include_tasks: - file: "install.yml" - apply: - become: true - tags: - - install - tags: - - always - -- name: BASE CONFIGURATION - ansible.builtin.include_tasks: - file: "base.yml" - apply: - become: true - tags: - - base - tags: - - always - -... diff --git a/roles/mediacache/README.md b/roles/nudgis/cache/README.md similarity index 88% rename from roles/mediacache/README.md rename to roles/nudgis/cache/README.md index f38c77601ab7a34d792d8a2e3f3135ceab6cb3ea..0e73005ec492d1711ccd479ff5f7319baa830590 100644 --- a/roles/mediacache/README.md +++ b/roles/nudgis/cache/README.md @@ -1,7 +1,7 @@ -# Mediacache +# Cache ## Description -The Nudgis cache group is used to configure all hosts that will server as a proxy cache of live and/or vod. +The cache group is used to configure all hosts that will server as a proxy cache of live and/or vod. ## Role Variables diff --git a/roles/mediacache/defaults/main.yml b/roles/nudgis/cache/defaults/main.yml similarity index 100% rename from roles/mediacache/defaults/main.yml rename to roles/nudgis/cache/defaults/main.yml diff --git a/roles/nudgis/cache/handlers/main.yml b/roles/nudgis/cache/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..0418a9e33d904c97e1095689e948871ebe38929d --- /dev/null +++ b/roles/nudgis/cache/handlers/main.yml 
@@ -0,0 +1,10 @@ +--- + +- name: "Restart nginx" + ansible.builtin.systemd: + name: nginx + state: restarted + +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml + +... diff --git a/roles/mediacache/meta/main.yml b/roles/nudgis/cache/meta/main.yml similarity index 100% rename from roles/mediacache/meta/main.yml rename to roles/nudgis/cache/meta/main.yml diff --git a/roles/mediacache/tasks/base.yml b/roles/nudgis/cache/tasks/base.yml similarity index 59% rename from roles/mediacache/tasks/base.yml rename to roles/nudgis/cache/tasks/base.yml index 0c9a935818c471a9cd231c7ad87d3eed75fc3b67..034826158f9cebded9bbb26909e269cfc60304b3 100644 --- a/roles/mediacache/tasks/base.yml +++ b/roles/nudgis/cache/tasks/base.yml @@ -1,12 +1,12 @@ --- -- name: Ensure /etc/munin/plugin-conf.d/ directory exist +- name: "Ensure /etc/munin/plugin-conf.d/ directory exist" ansible.builtin.file: dest: /etc/munin/plugin-conf.d state: directory mode: "750" -- name: Configure mediacache nginx monitoring plugin +- name: "Configure Nudgis Cache nginx monitoring plugin" ansible.builtin.copy: content: | [nginx_ubicast_multi] @@ -14,9 +14,9 @@ dest: /etc/munin/plugin-conf.d/nginx_ubicast_multi mode: "644" -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml -- name: flush handlers +- name: "Flush handlers" ansible.builtin.meta: flush_handlers ... diff --git a/roles/mediacache/tasks/configure.yml b/roles/nudgis/cache/tasks/configure.yml similarity index 75% rename from roles/mediacache/tasks/configure.yml rename to roles/nudgis/cache/tasks/configure.yml index ea4b7ba0ef7c368c5758dff33b78f365e81f0fb9..e6ae46276c45b2e0d1091bbe0e2d0f28fcfc41f8 100644 --- a/roles/mediacache/tasks/configure.yml +++ b/roles/nudgis/cache/tasks/configure.yml 
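Review bot: `- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml` keeps the two-level relative path of the old `roles/mediacache/` location, but this role now sits one directory deeper under `roles/nudgis/cache/`, so `../../shared` points at `roles/nudgis/shared` instead of the `roles/shared` the old path reached — unless the shared directory was moved the same way, which nothing in this diff shows. The same path is kept in the `tasks/base.yml` hunk of this role below, and in the `roles/nudgis/front` handlers and `tasks/base.yml` hunks further down. If `shared` stayed at `roles/shared`, each of these needs one more level, e.g. `- ansible.builtin.import_tasks: ../../../shared/handlers/nftables.yml`; a syntax-check run of a play that uses the nudgis roles would settle it either way.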
@@ -1,33 +1,33 @@ --- -- name: CONFIGURE LOCALHOST NAME RESOLUTION +- name: "CONFIGURE LOCALHOST NAME RESOLUTION" ansible.builtin.include_tasks: "configure/local-resolution.yml" when: - cache_domain is defined -- name: CONFIGURE VOD FOLDER +- name: "CONFIGURE VOD FOLDER" ansible.builtin.include_tasks: "configure/vod.yml" when: - cache_vod_folder is defined - cache_vod_size is defined -- name: CONFIGURE LIVE FOLDER +- name: "CONFIGURE LIVE FOLDER" ansible.builtin.include_tasks: "configure/live.yml" when: - cache_live_folder is defined - cache_live_size is defined -- name: CONFIGURE NUDGIS CACHE VHOST +- name: "CONFIGURE NUDGIS CACHE VHOST" ansible.builtin.include_tasks: "configure/nginx-vhost.yml" when: - cache_domain is defined -- name: CONFIGURE VOD UPSTREAM DOMAIN +- name: "CONFIGURE VOD UPSTREAM DOMAIN" ansible.builtin.include_tasks: "configure/nginx-vod-upstream.yml" when: - nudgis_front_domain is defined -- name: CONFIGURE LIVE UPSTREAM DOMAIN +- name: "CONFIGURE LIVE UPSTREAM DOMAIN" ansible.builtin.include_tasks: "configure/nginx-live-upstream.yml" when: - live_domain is defined diff --git a/roles/mediacache/tasks/configure/live.yml b/roles/nudgis/cache/tasks/configure/live.yml similarity index 69% rename from roles/mediacache/tasks/configure/live.yml rename to roles/nudgis/cache/tasks/configure/live.yml index 36b4ae3e592db7274da25fe14ef047ccd5c0de08..f734de3ec6704f53d424aa51a741e06e24ddbf22 100644 --- a/roles/mediacache/tasks/configure/live.yml +++ b/roles/nudgis/cache/tasks/configure/live.yml @@ -1,6 +1,6 @@ --- -- name: create mediacache live data directory +- name: "Create the Nudgis Cache live data directory" ansible.builtin.file: dest: "{{ cache_live_folder }}" state: directory 
@@ -9,15 +9,15 @@ mode: "0700" when: live_domain is defined -- name: fill the mediacache zones file - Live folder - notify: restart nginx +- name: "Fill the Nudgis Cache zones file - Live folder" + notify: "Restart nginx" ansible.builtin.replace: path: /etc/mediacache/nginx-zones.conf regexp: /var/cache/nginx/mediacache-live replace: "{{ cache_live_folder }}" -- name: fill the mediacache zones file - Live folder size - notify: restart nginx +- name: "Fill the Nudgis Cache zones file - Live folder size" + notify: "Restart nginx" ansible.builtin.replace: path: /etc/mediacache/nginx-zones.conf regexp: (?P<key>keys_zone=mediacache-live.*max_size=).*(?P<unit>g) diff --git a/roles/mediacache/tasks/configure/local-resolution.yml b/roles/nudgis/cache/tasks/configure/local-resolution.yml similarity index 73% rename from roles/mediacache/tasks/configure/local-resolution.yml rename to roles/nudgis/cache/tasks/configure/local-resolution.yml index 021c46a111291fd4464972599962c98e4e6b958f..bc3edad8b99f6e74396f19561820ef007aa5db5e 100644 --- a/roles/mediacache/tasks/configure/local-resolution.yml +++ b/roles/nudgis/cache/tasks/configure/local-resolution.yml @@ -1,6 +1,6 @@ --- -- name: resolve domain name to localhost +- name: "Resolve domain name to localhost" ansible.builtin.lineinfile: path: /etc/hosts line: 127.0.1.1 {{ cache_domain }} diff --git a/roles/mediacache/tasks/configure/nginx-live-upstream.yml b/roles/nudgis/cache/tasks/configure/nginx-live-upstream.yml similarity index 71% rename from roles/mediacache/tasks/configure/nginx-live-upstream.yml rename to roles/nudgis/cache/tasks/configure/nginx-live-upstream.yml index e0ce241264a7f33c9e0b9ee09df18fd030293568..df31b7750cebf9cbc9786c6b1e7c47e448a8caf6 100644 --- a/roles/mediacache/tasks/configure/nginx-live-upstream.yml +++ b/roles/nudgis/cache/tasks/configure/nginx-live-upstream.yml 
@@ -1,7 +1,7 @@ --- -- name: fill the nginx Live proxypass - notify: restart nginx +- name: "Fill the nginx Live proxypass" + notify: "Restart nginx" ansible.builtin.replace: path: /etc/mediacache/nginx-proxy-live.conf regexp: ^(proxy_pass)\s+.*(;)$ diff --git a/roles/mediacache/tasks/configure/nginx-vhost.yml b/roles/nudgis/cache/tasks/configure/nginx-vhost.yml similarity index 74% rename from roles/mediacache/tasks/configure/nginx-vhost.yml rename to roles/nudgis/cache/tasks/configure/nginx-vhost.yml index 2e5f1424afab128cc6d8a5e85bbf3099372a6751..853ff9319c130273afb2d18fa5766490a5ddd026 100644 --- a/roles/mediacache/tasks/configure/nginx-vhost.yml +++ b/roles/nudgis/cache/tasks/configure/nginx-vhost.yml @@ -1,7 +1,7 @@ --- -- name: fill the vhost file - notify: restart nginx +- name: "Fill the vhost file" + notify: "Restart nginx" ansible.builtin.replace: path: /etc/nginx/sites-available/mediacache.conf regexp: ^(\s+server_name)\s+.*(;)$ diff --git a/roles/mediacache/tasks/configure/nginx-vod-upstream.yml b/roles/nudgis/cache/tasks/configure/nginx-vod-upstream.yml similarity index 73% rename from roles/mediacache/tasks/configure/nginx-vod-upstream.yml rename to roles/nudgis/cache/tasks/configure/nginx-vod-upstream.yml index 17bed7d3fa86d9affdfb07dfa7cf60150389e2e4..d2f6ee7571e42ddc37130169c4c8498e491020d6 100644 --- a/roles/mediacache/tasks/configure/nginx-vod-upstream.yml +++ b/roles/nudgis/cache/tasks/configure/nginx-vod-upstream.yml @@ -1,7 +1,7 @@ --- -- name: fill the nginx VOD proxypass - notify: restart nginx +- name: "Fill the nginx VOD proxypass" + notify: "Restart nginx" ansible.builtin.replace: path: /etc/mediacache/nginx-proxy-mediaserver.conf regexp: ^(proxy_pass)\s+.*(;)$ 
diff --git a/roles/mediacache/tasks/configure/vod.yml b/roles/nudgis/cache/tasks/configure/vod.yml similarity index 68% rename from roles/mediacache/tasks/configure/vod.yml rename to roles/nudgis/cache/tasks/configure/vod.yml index 5ce6f9db7556d5a74134868b8590eac04aef75fe..392c5d57ffa8fe47fe8eab06ce132c7254df8fcf 100644 --- a/roles/mediacache/tasks/configure/vod.yml +++ b/roles/nudgis/cache/tasks/configure/vod.yml @@ -1,6 +1,6 @@ --- -- name: create mediacache VOD data directory +- name: "Create the Nudgis Cache VOD data directory" ansible.builtin.file: dest: "{{ cache_vod_folder }}" state: directory @@ -8,15 +8,15 @@ group: root mode: "0700" -- name: fill the mediacache zones file - VOD folder - notify: restart nginx +- name: "Fill the Nudgis Cache zones file - VOD folder" + notify: "Restart nginx" ansible.builtin.replace: path: /etc/mediacache/nginx-zones.conf regexp: /var/cache/nginx/mediacache-vod replace: "{{ cache_vod_folder }}" -- name: fill the mediacache zones file - VOD folder size - notify: restart nginx +- name: "Fill the Nudgis Cache zones file - VOD folder size" + notify: "Restart nginx" ansible.builtin.replace: path: /etc/mediacache/nginx-zones.conf regexp: (?P<key>keys_zone=mediacache-vod.*max_size=).*(?P<unit>g) diff --git a/roles/mediacache/tasks/install.yml b/roles/nudgis/cache/tasks/install.yml similarity index 88% rename from roles/mediacache/tasks/install.yml rename to roles/nudgis/cache/tasks/install.yml index e78f0f298d5661b2074754592e5f810d150ffb02..4d54f12faddc75169158f62cd9598f8fc1a7d917 100644 --- a/roles/mediacache/tasks/install.yml +++ b/roles/nudgis/cache/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: MediaCache packages installation +- name: "MediaCache packages installation" ansible.builtin.apt: force_apt_get: true install_recommends: false 
diff --git a/roles/mediacache/tasks/main.yml b/roles/nudgis/cache/tasks/main.yml similarity index 86% rename from roles/mediacache/tasks/main.yml rename to roles/nudgis/cache/tasks/main.yml index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 100644 --- a/roles/mediacache/tasks/main.yml +++ b/roles/nudgis/cache/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: BASE CONFIGURATION +- name: "BASE CONFIGURATION" ansible.builtin.include_tasks: file: "base.yml" apply: @@ -20,7 +20,7 @@ tags: - always -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/mediacache/vars/main.yml b/roles/nudgis/cache/vars/main.yml similarity index 100% rename from roles/mediacache/vars/main.yml rename to roles/nudgis/cache/vars/main.yml diff --git a/roles/mediaserver/README.md b/roles/nudgis/front/README.md similarity index 94% rename from roles/mediaserver/README.md rename to roles/nudgis/front/README.md index 177b15aa38573ace36f35756333b56bb7c8c0a1c..2af5b1d5cf4ce0403c9f87d994b99f8a6242db8e 100644 --- a/roles/mediaserver/README.md +++ b/roles/nudgis/front/README.md @@ -1,7 +1,7 @@ -# Mediaserver +# Front ## Description -The mediaserver group is used to configure all hosts with the UbiCast platform to handle and to broadcast media. +The front group is used to configure all hosts with the UbiCast platform to handle and to broadcast media. * In a standard Ubicast case, the host is the same as other component (mirismanager, etc.) * In a HA Ubicast case, the mediaserver is usually a cluster of two (or more) dedicated servers behind a loadbalancer VIP setup in active/active diff --git a/roles/mediaserver/defaults/main.yml b/roles/nudgis/front/defaults/main.yml similarity index 100% rename from roles/mediaserver/defaults/main.yml rename to roles/nudgis/front/defaults/main.yml 
diff --git a/roles/mediaserver/files/install.example.ini b/roles/nudgis/front/files/install.example.ini similarity index 99% rename from roles/mediaserver/files/install.example.ini rename to roles/nudgis/front/files/install.example.ini index 85732b236dd335e5b64b93e2a8cdcc0d2ad665a0..78339933b4aa492cb2ae214aabb59bb6342d9a6b 100644 --- a/roles/mediaserver/files/install.example.ini +++ b/roles/nudgis/front/files/install.example.ini @@ -35,3 +35,4 @@ # When using multiple frontend servers, this directory must be shared by all servers (NAS). # Example: `/data`. If no value is set, `/var/lock` will be used. # MSCONTROLLER_LOCKS_DIR = + diff --git a/roles/nudgis/front/handlers/main.yml b/roles/nudgis/front/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..5bc5a4025fc69b45da76f002afbef0151590ee94 --- /dev/null +++ b/roles/nudgis/front/handlers/main.yml @@ -0,0 +1,21 @@ +--- + +- name: "Restart nginx" + ansible.builtin.systemd: + name: nginx + state: restarted + +- name: "Restart mediaserver" + ansible.builtin.systemd: + name: mediaserver + state: restarted + +- name: "Restart systemd-sysusers" + ansible.builtin.systemd: + name: systemd-sysusers + state: restarted + +- ansible.builtin.import_tasks: ../../shared/handlers/munin-node.yml +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml + +... diff --git a/roles/monitor/msmonitor/meta/main.yml b/roles/nudgis/front/meta/main.yml similarity index 51% rename from roles/monitor/msmonitor/meta/main.yml rename to roles/nudgis/front/meta/main.yml index ad264ffe1b8a5e114d104329cfcf189d3e268c4b..87563160c08f72eb09c251e751e386830c6e6335 100644 --- a/roles/monitor/msmonitor/meta/main.yml +++ b/roles/nudgis/front/meta/main.yml @@ -1,6 +1,6 @@ --- dependencies: - - role: nginx + - role: nudgis/nginx ... 
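Review bot: The dependency list of the new `roles/nudgis/front/meta/main.yml` carries only `nudgis/nginx`, while the `roles/mediaserver/meta/main.yml` deleted earlier in this diff also pulled in `haproxy` under `when: groups['postgres'] | length > 1`; since this file takes over as the front role's meta, multi-postgres (HA) deployments lose that dependency unless it is now declared in a playbook that is not in view. If the drop is unintentional, restore it as `- when: groups['postgres'] | length > 1` followed by `role: haproxy` (or its new nudgis-prefixed name); if it is intentional, say so in the commit description so the HA inventories can be checked against it.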
diff --git a/roles/mediaserver/tasks/base.yml b/roles/nudgis/front/tasks/base.yml similarity index 60% rename from roles/mediaserver/tasks/base.yml rename to roles/nudgis/front/tasks/base.yml index 3ebc6a483197604c4bde2ea661ed08d196172b6e..e7be6e9bc47a37d76f0dc928fccda829c1ce8631 100644 --- a/roles/mediaserver/tasks/base.yml +++ b/roles/nudgis/front/tasks/base.yml @@ -1,17 +1,17 @@ --- -- name: enable and start the clamav-freshclam service +- name: "Enable and start the clamav-freshclam service" ansible.builtin.service: name: clamav-freshclam enabled: true state: started -- name: Stats Nudgis Front main configuration file +- name: "Stats Nudgis Front main configuration file" ansible.builtin.stat: path: "/etc/mediaserver/install.ini" register: nudgis_config -- name: Populate Nudgis Front base configuration with example values +- name: "Populate Nudgis Front base configuration with example values" when: nudgis_config.stat.size == 0 ansible.builtin.copy: src: "/etc/mediaserver/install.example.ini" @@ -19,9 +19,9 @@ mode: "preserve" remote_src: true -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml -- name: flush handlers +- name: "Flush handlers" ansible.builtin.meta: flush_handlers ... diff --git a/roles/mediaserver/tasks/configure.yml b/roles/nudgis/front/tasks/configure.yml similarity index 73% rename from roles/mediaserver/tasks/configure.yml rename to roles/nudgis/front/tasks/configure.yml index 1656dfb3c81bf8fba07175cec0f5ed205eb0d75f..876c3a47fa884448b23d62aa88cc8133a25302c1 100644 --- a/roles/mediaserver/tasks/configure.yml +++ b/roles/nudgis/front/tasks/configure.yml 
@@ -1,30 +1,30 @@ --- -- name: CONFIGURE DATABASE +- name: "CONFIGURE DATABASE" ansible.builtin.include_tasks: "configure/database.yml" when: - nudgis_front_database_domain is defined - nudgis_front_database_port is defined - nudgis_front_database_password is defined -- name: CONFIGURE INSTANCES DIRECTORY +- name: "CONFIGURE INSTANCIES DIRECTORY" ansible.builtin.include_tasks: "configure/data-dirs.yml" -- name: CONFIGURE MSCONTROLLER LOCKS DIRECTORY +- name: "CONFIGURE MSCONTROLLER LOCKS DIRECTORY" ansible.builtin.include_tasks: "configure/locks-dirs.yml" -- name: CONFIGURE NUDGIS EMAIL SENDER ADDRESS +- name: "CONFIGURE NUDGIS EMAIL SENDER ADDRESS" ansible.builtin.include_tasks: "configure/email.yml" when: - nudgis_front_email_from is defined -- name: CONFIGURE CELERITY SERVER VARIABLES +- name: "CONFIGURE CELERITY SERVER VARIABLES" ansible.builtin.include_tasks: "configure/celerity.yml" when: - celerity_server_domain is defined - celerity_signing_key is defined -- name: CREATE FIRST INSTANCE +- name: "CREATE FIRST INSTANCE" ansible.builtin.include_tasks: "configure/instance.yml" when: - nudgis_front_domain is defined @@ -34,10 +34,10 @@ - manager_domain is defined # Should only be played in High Availibility cases -- name: HA CONFIGURATIONS SYNCHRONIZATION +- name: "HA CONFIGURATIONS SYNCHRONIZATION" ansible.builtin.include_tasks: "configure/synchronize.yml" when: - - "'mediaserver' in groups" - - groups['mediaserver'] | length > 1 + - "'front' in groups" + - groups['front'] | length > 1 ... diff --git a/roles/mediaserver/tasks/configure/celerity.yml b/roles/nudgis/front/tasks/configure/celerity.yml similarity index 85% rename from roles/mediaserver/tasks/configure/celerity.yml rename to roles/nudgis/front/tasks/configure/celerity.yml index e590be18d4df325f2561bbb41f87b5f74f0424df..4c7ce3f0a4132370a9b37412f3ceca8e18643515 100644 --- a/roles/mediaserver/tasks/configure/celerity.yml +++ b/roles/nudgis/front/tasks/configure/celerity.yml 
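Review bot: The renamed include task in the first hunk introduces a typo, `- name: "CONFIGURE INSTANCIES DIRECTORY"`; it should read `- name: "CONFIGURE INSTANCES DIRECTORY"` to match the old name and the `configure/data-dirs.yml` it includes. In the second hunk the HA condition switches from the `mediaserver` group to `front`, so an inventory that still defines only a `mediaserver` group silently skips the synchronization instead of failing; presumably the inventories were renamed in the same change, but a search for remaining `groups['mediaserver']` references elsewhere in the repository would confirm nothing still depends on the old name.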
@@ -1,6 +1,6 @@ --- -- name: Update the MS configuration with the celerity server IP +- name: "Update the MS configuration with the celerity server IP" ansible.builtin.lineinfile: path: /etc/mediaserver/msconf.py regexp: "^CELERITY_SERVER_URL = " @@ -12,7 +12,7 @@ # The instances cannot be in a common group as of now => https://redmine.ubicast.net/issues/33046 mode: "0644" -- name: Update the MS configuration with the celerity server secret +- name: "Update the MS configuration with the celerity server secret" ansible.builtin.lineinfile: path: /etc/mediaserver/msconf.py regexp: "^CELERITY_SIGNING_KEY = " diff --git a/roles/mediaserver/tasks/configure/data-dirs.yml b/roles/nudgis/front/tasks/configure/data-dirs.yml similarity index 88% rename from roles/mediaserver/tasks/configure/data-dirs.yml rename to roles/nudgis/front/tasks/configure/data-dirs.yml index 4a9af6b45086fcd6bab9e33a5a27131689528f4f..d4f02c98bca24a37c1fca22de39c031760660a3d 100644 --- a/roles/mediaserver/tasks/configure/data-dirs.yml +++ b/roles/nudgis/front/tasks/configure/data-dirs.yml @@ -1,6 +1,6 @@ --- -- name: Configure instances directories +- name: "Configure instances directories" ansible.builtin.replace: path: /etc/mediaserver/install.ini regexp: '^(\s*)#?\s*{{ item.name }}\s*=.*$' diff --git a/roles/mediaserver/tasks/configure/database.yml b/roles/nudgis/front/tasks/configure/database.yml similarity index 58% rename from roles/mediaserver/tasks/configure/database.yml rename to roles/nudgis/front/tasks/configure/database.yml index dba208599d9b3f029cbec64a61e26ffae72f5673..8fd9a50ab2004bade08e1a6bd1eeae245d7f1642 100644 --- a/roles/mediaserver/tasks/configure/database.yml +++ b/roles/nudgis/front/tasks/configure/database.yml 
@@ -1,13 +1,13 @@ --- -- name: Configure database +- name: "Configure database" ansible.builtin.replace: path: /etc/mediaserver/install.ini regexp: '^(\s*)#?\s*{{ item.name }}\s*=.*$' replace: '\1{{ item.name }} = {{ item.value }}' loop: - - { name: 'DB_HOST', value: '{{ nudgis_front_database_domain }}' } # noqa: yaml[commas] - - { name: 'DB_PORT', value: '{{ nudgis_front_database_port }}' } # noqa: yaml[commas] + - { name: 'DB_HOST', value: '{{ nudgis_front_database_domain }}' } + - { name: 'DB_PORT', value: '{{ nudgis_front_database_port }}' } - { name: 'DB_ROOT_PWD', value: '{{ nudgis_front_database_password }}' } # /!\ Does not alter the already created instances /!\ diff --git a/roles/mediaserver/tasks/configure/email.yml b/roles/nudgis/front/tasks/configure/email.yml similarity index 87% rename from roles/mediaserver/tasks/configure/email.yml rename to roles/nudgis/front/tasks/configure/email.yml index 57ced556c960e8906ea5d2bd529a9fcb22a61b75..53633a1e2f584587bb62b12f699427f431656553 100644 --- a/roles/mediaserver/tasks/configure/email.yml +++ b/roles/nudgis/front/tasks/configure/email.yml @@ -1,8 +1,8 @@ --- -- name: configure email sender address +- name: "Configure email sender address" notify: - - restart mediaserver + - "Restart mediaserver" ansible.builtin.lineinfile: path: /etc/mediaserver/msconf.py backup: true diff --git a/roles/mediaserver/tasks/configure/instance.yml b/roles/nudgis/front/tasks/configure/instance.yml similarity index 84% rename from roles/mediaserver/tasks/configure/instance.yml rename to roles/nudgis/front/tasks/configure/instance.yml index f84329b1547e384f9ec84d8281fb44f5ab0706f6..0ab22ff143016d4d0dfce53b1d2235ccda503a6b 100644 --- a/roles/mediaserver/tasks/configure/instance.yml +++ b/roles/nudgis/front/tasks/configure/instance.yml 
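Review bot: The loop items touched in the first hunk carry the database root password (`nudgis_front_database_password`), and `ansible.builtin.replace` prints each loop item in its task result, so the secret lands in play output and any callback/log sink; add `no_log: true` to the `Configure database` task. The same value is written into `/etc/mediaserver/install.ini` without this task setting a mode, so the credential's exposure also depends on how `base.yml` creates that file from the example (`mode: "preserve"` there); worth verifying the resulting permissions once.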
@@ -1,9 +1,7 @@ --- -- name: create instance - notify: - - Setup munin-node plugins link - - Restart munin-node service +- name: "Create instance" + notify: "Configure and restart munin-node" ansible.builtin.command: cmd: > mscontroller.py add -u "{{ nudgis_front_system_user }}" -t '{ diff --git a/roles/mediaserver/tasks/configure/locks-dirs.yml b/roles/nudgis/front/tasks/configure/locks-dirs.yml similarity index 84% rename from roles/mediaserver/tasks/configure/locks-dirs.yml rename to roles/nudgis/front/tasks/configure/locks-dirs.yml index 66c58ddc868e97140f9379892995f984282195d4..03c96d90b66f0a53e5e15ed41f8b7472f11373ad 100644 --- a/roles/mediaserver/tasks/configure/locks-dirs.yml +++ b/roles/nudgis/front/tasks/configure/locks-dirs.yml @@ -1,6 +1,6 @@ --- -- name: Configure mscontroller script locks directory +- name: "Configure mscontroller script locks directory" ansible.builtin.replace: path: /etc/mediaserver/install.ini regexp: '^(\s*)#?\s*{{ item.name }}\s*=.*$' diff --git a/roles/nudgis/front/tasks/configure/synchronize.yml b/roles/nudgis/front/tasks/configure/synchronize.yml new file mode 100644 index 0000000000000000000000000000000000000000..230ca8f26de5fff6f078618dca3123ce6b4f9773 --- /dev/null +++ b/roles/nudgis/front/tasks/configure/synchronize.yml 
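Review bot: `notify: "Configure and restart munin-node"` replaces the two previous handler names, and that handler is not defined in the role's new `handlers/main.yml`, so it must come from the imported `../../shared/handlers/munin-node.yml`, which is outside this diff and cannot be checked here. Ansible only reports an unknown handler when a notifying task actually reports changed, and this `ansible.builtin.command` has neither `changed_when` nor `creates`, so a mismatch would surface as a failure on every run rather than at lint time; confirm the exact name exists in the shared handler file. The `Create instance` task body continues outside the hunk.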
@@ -0,0 +1,46 @@ +--- + +- name: "Fetch ssh public key" + register: root_ssh_pubkey + ansible.builtin.slurp: + path: /root/.ssh/id_ed25519.pub + tags: always + +- name: "Register ssh public key as an ansible fact" + ansible.builtin.set_fact: + pubkey: "{{ root_ssh_pubkey['content'] | b64decode }}" + tags: always + +- name: "Share ssh public key between cluster members" + loop: "{{ groups['front'] }}" + ansible.posix.authorized_key: + user: root + key: "{{ hostvars[item]['pubkey'] }}" + tags: always + +- name: "Synchronize configuration between servers" # noqa: command-instead-of-module + # Cannot use the ansible synchronization module, cause there is no way to set a destination IP intead of the destination ansible hostname + + when: + - inventory_hostname != groups['front'][0] + loop: + - /etc/mediaserver + - /etc/nginx + - /etc/sysusers.d + - /var/www + ansible.builtin.command: | + rsync \ + -avh \ + -e "ssh -o StrictHostKeyChecking=no" \ + --delete \ + "{{ item }}/" \ + "root@{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ item }}/" + notify: + - "Restart systemd-sysusers" + - "Restart nginx" + - "Restart mediaserver" + delegate_to: "{{ groups['front'][0] }}" + changed_when: false + tags: fronts-synchronize + +... diff --git a/roles/mediaserver/tasks/install.yml b/roles/nudgis/front/tasks/install.yml similarity index 91% rename from roles/mediaserver/tasks/install.yml rename to roles/nudgis/front/tasks/install.yml index 52dfec49e085fba0e11b48dc4af87e7a77e1cfb3..2e7cbc6453d17a0a4a628110d6b95b97c06dcbbe 100644 --- a/roles/mediaserver/tasks/install.yml +++ b/roles/nudgis/front/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: mediaserver install +- name: "Nudgis Front install" ansible.builtin.apt: force_apt_get: true install_recommends: false 
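Review bot: `changed_when: false` on `Synchronize configuration between servers` means the task never reports changed, and handlers only run for changed tasks, so the three `notify` entries (`Restart systemd-sysusers`, `Restart nginx`, `Restart mediaserver`) can never fire and the synchronized nginx/mediaserver configuration is never reloaded on the secondary fronts. Register the result and derive the change state from rsync's itemized output instead, e.g. `-avhi \` in place of `-avh \`, `register: sync_result` and `changed_when: sync_result.stdout_lines | select('match', '^[<>c*]') | list | length > 0`. Separately, `-e "ssh -o StrictHostKeyChecking=no"` accepts any host key on first contact, which removes the one check that would catch a spoofed cluster member at the moment root keys are being exchanged; since every member is in the inventory, pre-seeding `/root/.ssh/known_hosts` with `ansible.builtin.known_hosts` (keyed on the same `ansible_default_ipv4` address used as the rsync target) lets that option be dropped. The comment's `intead` is a typo for `instead`.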
diff --git a/roles/celerity/tasks/main.yml b/roles/nudgis/front/tasks/main.yml similarity index 86% rename from roles/celerity/tasks/main.yml rename to roles/nudgis/front/tasks/main.yml index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 100644 --- a/roles/celerity/tasks/main.yml +++ b/roles/nudgis/front/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: BASE CONFIGURATION +- name: "BASE CONFIGURATION" ansible.builtin.include_tasks: file: "base.yml" apply: @@ -20,7 +20,7 @@ tags: - always -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/mediaserver/vars/main.yml b/roles/nudgis/front/vars/main.yml similarity index 100% rename from roles/mediaserver/vars/main.yml rename to roles/nudgis/front/vars/main.yml diff --git a/roles/haproxy/README.md b/roles/nudgis/haproxy/README.md similarity index 100% rename from roles/haproxy/README.md rename to roles/nudgis/haproxy/README.md diff --git a/roles/haproxy/handlers/main.yml b/roles/nudgis/haproxy/handlers/main.yml similarity index 75% rename from roles/haproxy/handlers/main.yml rename to roles/nudgis/haproxy/handlers/main.yml index 8c0e406861b2c586a396f64d18f3a4d00ca20f04..12b1b2ee844588801198fb837a54df2646892668 100644 --- a/roles/haproxy/handlers/main.yml +++ b/roles/nudgis/haproxy/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: reload haproxy +- name: "Reload haproxy" ansible.builtin.systemd: name: haproxy state: reloaded diff --git a/roles/haproxy/tasks/base.yml b/roles/nudgis/haproxy/tasks/base.yml similarity index 55% rename from roles/haproxy/tasks/base.yml rename to roles/nudgis/haproxy/tasks/base.yml index 5af3d299f20a78b6b4d8f4baccfcc97add77cf7a..ec8615092ccbfc98d3f1fb6aeb82d785c75cfc4f 100644 --- a/roles/haproxy/tasks/base.yml +++ b/roles/nudgis/haproxy/tasks/base.yml 
@@ -1,13 +1,13 @@ --- -- name: configure - notify: reload haproxy +- name: "Configure" + notify: "Reload haproxy" ansible.builtin.template: src: haproxy.cfg.j2 dest: /etc/haproxy/haproxy.cfg backup: true mode: "644" -- ansible.builtin.meta: flush_handlers # noqa name[missing] +- ansible.builtin.meta: flush_handlers ... diff --git a/roles/haproxy/tasks/install.yml b/roles/nudgis/haproxy/tasks/install.yml similarity index 91% rename from roles/haproxy/tasks/install.yml rename to roles/nudgis/haproxy/tasks/install.yml index 01543ad29c92018a7b3572ceb8d1fad0b35eba85..360d9b77aa59d9b9684ba51d3b501c199800333e 100644 --- a/roles/haproxy/tasks/install.yml +++ b/roles/nudgis/haproxy/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install packages +- name: "Install packages" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/lxc/tasks/main.yml b/roles/nudgis/haproxy/tasks/main.yml similarity index 85% rename from roles/lxc/tasks/main.yml rename to roles/nudgis/haproxy/tasks/main.yml index 5489c96f5fdafb340fd2c1d566cb768977d6e6f9..0bb18f240f3c721004ecd393e94877e1cdc6dd0c 100644 --- a/roles/lxc/tasks/main.yml +++ b/roles/nudgis/haproxy/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: BASE CONFIGURATION +- name: "BASE CONFIGURATION" ansible.builtin.include_tasks: file: "base.yml" apply: diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/nudgis/haproxy/templates/haproxy.cfg.j2 similarity index 100% rename from roles/haproxy/templates/haproxy.cfg.j2 rename to roles/nudgis/haproxy/templates/haproxy.cfg.j2 diff --git a/roles/haproxy/vars/main.yml b/roles/nudgis/haproxy/vars/main.yml similarity index 100% rename from roles/haproxy/vars/main.yml rename to roles/nudgis/haproxy/vars/main.yml 
diff --git a/roles/nudgis/import/README.md b/roles/nudgis/import/README.md new file mode 100644 index 0000000000000000000000000000000000000000..92a4aec3e95587afef6b7b2e2b234cd979d89f12 --- /dev/null +++ b/roles/nudgis/import/README.md @@ -0,0 +1,4 @@ +# Import +## Description + +The import group is used to configure all hosts that allow video to be added to the Nudgis platform via an upload (sftp, ftp(s)). diff --git a/roles/mediaimport/handlers/main.yml b/roles/nudgis/import/handlers/main.yml similarity index 63% rename from roles/mediaimport/handlers/main.yml rename to roles/nudgis/import/handlers/main.yml index 7b0323073dbca489205457ba39c4564b0f41356d..804f3da272bc683b98300ec4f128654735adcd25 100644 --- a/roles/mediaimport/handlers/main.yml +++ b/roles/nudgis/import/handlers/main.yml @@ -1,34 +1,34 @@ --- -- name: reload systemd +- name: "Reload systemd" ansible.builtin.systemd: daemon_reload: true -- name: restart sshd +- name: "Restart sshd" ansible.builtin.systemd: name: sshd state: restarted -- name: restart pure-ftpd +- name: "Restart pure-ftpd" ansible.builtin.systemd: name: pure-ftpd state: restarted -- name: restart mysecureshell +- name: "Restart mysecureshell" ansible.builtin.systemd: name: mysecureshell state: restarted -- name: restart mediaimport +- name: "Restart mediaimport" ansible.builtin.systemd: name: mediaimport state: restarted -- name: restart fail2ban +- name: "Restart fail2ban" ansible.builtin.systemd: name: fail2ban state: restarted -- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml ... diff --git a/roles/mediaimport/tasks/base.yml b/roles/nudgis/import/tasks/base.yml similarity index 66% rename from roles/mediaimport/tasks/base.yml rename to roles/nudgis/import/tasks/base.yml index 860060499f3956c362ab97e5e0383d926cd52a10..178060a5b11e9a4ba63acd19679e220f60ee7983 100644 --- a/roles/mediaimport/tasks/base.yml 
+++ b/roles/nudgis/import/tasks/base.yml @@ -1,27 +1,27 @@ --- -- name: enable password login for ssh - notify: restart sshd +- name: "Enable password login for ssh" + notify: "Restart sshd" ansible.builtin.replace: dest: /etc/ssh/sshd_config regexp: ^PasswordAuthentication no replace: "#PasswordAuthentication yes" # mediaimport service failed without any account configured -- name: disable mediaimport service +- name: "Disable mediaimport service" ansible.builtin.systemd: name: mediaimport enabled: false -- name: enable mediaimport-cleanup timer +- name: "Enable mediaimport-cleanup timer" ansible.builtin.systemd: name: mediaimport-cleanup.timer enabled: true -- name: configure mediaimport admin emails +- name: "Configure mediaimport admin emails" when: - import_email_to | d(false) - notify: restart mediaimport + notify: "Restart mediaimport" ansible.builtin.template: src: mediaimport.json.j2 dest: /etc/mediaimport/mediaimport.json @@ -30,8 +30,8 @@ # FAIL2BAN -- name: deploy fail2ban pure-ftpd jail - notify: restart fail2ban +- name: "Deploy fail2ban pure-ftpd jail" + notify: "Restart fail2ban" ansible.builtin.copy: dest: /etc/fail2ban/jail.d/pure-ftpd.conf mode: "0644" @@ -39,22 +39,22 @@ [pure-ftpd] enabled = true -- name: configure pure-ftpd jail backend - notify: restart fail2ban +- name: "Configure pure-ftpd jail backend" + notify: "Restart fail2ban" ansible.builtin.lineinfile: path: /etc/fail2ban/paths-overrides.local regexp: '^pureftpd_backend' insertafter: '[DEFAULT]' line: 'pureftpd_backend = systemd' -- name: flush handlers +- name: "Flush handlers" ansible.builtin.meta: flush_handlers # FIREWALL -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml -- name: flush handlers +- name: "Flush handlers" ansible.builtin.meta: flush_handlers ... 
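Review bot: `Enable password login for ssh` only rewrites a line matching `^PasswordAuthentication no` in `/etc/ssh/sshd_config`, so on hosts where the directive lives in an `/etc/ssh/sshd_config.d/` drop-in (which sshd reads first and lets win) nothing changes and `Restart sshd` is never notified; presumably the images this role targets keep the directive in the main file, but that is worth confirming. The task also turns password authentication on for every account rather than only the upload accounts the role exists for; scoping it with a `Match User` or `Match Group` block for the import users keeps root and admin logins key-only while the fail2ban jail deployed further down still covers the upload service.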
diff --git a/roles/mediaimport/tasks/install.yml b/roles/nudgis/import/tasks/install.yml similarity index 82% rename from roles/mediaimport/tasks/install.yml rename to roles/nudgis/import/tasks/install.yml index 6fed0540c8c8f428a12a3772031cc0b792914dda..e4d649fbfb9f34b30b51f0aa40e5de5834f02c24 100644 --- a/roles/mediaimport/tasks/install.yml +++ b/roles/nudgis/import/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install packages +- name: "Install packages" ansible.builtin.package: force_apt_get: true install_recommends: false diff --git a/roles/mediaimport/tasks/main.yml b/roles/nudgis/import/tasks/main.yml similarity index 85% rename from roles/mediaimport/tasks/main.yml rename to roles/nudgis/import/tasks/main.yml index 5489c96f5fdafb340fd2c1d566cb768977d6e6f9..0bb18f240f3c721004ecd393e94877e1cdc6dd0c 100644 --- a/roles/mediaimport/tasks/main.yml +++ b/roles/nudgis/import/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: BASE CONFIGURATION +- name: "BASE CONFIGURATION" ansible.builtin.include_tasks: file: "base.yml" apply: diff --git a/roles/mediaimport/templates/mediaimport.json.j2 b/roles/nudgis/import/templates/mediaimport.json.j2 similarity index 100% rename from roles/mediaimport/templates/mediaimport.json.j2 rename to roles/nudgis/import/templates/mediaimport.json.j2 diff --git a/roles/mediaimport/vars/main.yml b/roles/nudgis/import/vars/main.yml similarity index 100% rename from roles/mediaimport/vars/main.yml rename to roles/nudgis/import/vars/main.yml diff --git a/roles/letsencrypt/README.md b/roles/nudgis/letsencrypt/README.md similarity index 57% rename from roles/letsencrypt/README.md rename to roles/nudgis/letsencrypt/README.md index 13a130edb9e2d5272bbbdac8491d9b9e5b11be95..8ea3e86133e78246eb6c41fea7f7f38e39ac8989 100644 --- a/roles/letsencrypt/README.md +++ b/roles/nudgis/letsencrypt/README.md 
@@ -1,13 +1,15 @@ # Letsencrypt ## Description -Install and configure Let's Encrypt tools to generate and maintain Let's Encrypt SSL certificates for the webdomains +Install and configure Let's Encrypt tools to generate and maintain Let's Encrypt SSL certificates for the webdomains. +The role is generating a multi-domains SSL certificate with the first domain in the list as the main one and others as alternative names. +For usage instructions take a look at [the playbook](../../../playbooks/nudgis/letsencrypt). ## Role Variables Available variables are listed below, along with the descriptions and the default values. -`letsencrypt_domains`: List the domain to configure with a let's encrypt certificate. If an empty list is provided, every domain found in nginx is configured. (Optional) +`letsencrypt_domains`: List the domain to configure with a let's encrypt certificate (Optional) ``` letsencrypt_domains: [] ``` @@ -16,8 +18,3 @@ letsencrypt_domains: [] ``` letsencrypt_email: "admin@example.com" ``` - -`letsencrypt_webroot`: Default Let's Encrypt web root folder for challenges publication (Optional) -``` -letsencrypt_webroot: "/var/www/letsencrypt" -``` diff --git a/roles/nudgis/letsencrypt/defaults/main.yml b/roles/nudgis/letsencrypt/defaults/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..306574ff64cc2c58b1493e07a0102a55aaa3e43d --- /dev/null +++ b/roles/nudgis/letsencrypt/defaults/main.yml @@ -0,0 +1,9 @@ +--- + +# List the domain to configure with a let's encrypt certificate +letsencrypt_domains: [] + +# Email of the Let's Encrypt SSL certificates administrator(s) +letsencrypt_email: "admin@example.com" + +... diff --git a/roles/nudgis/letsencrypt/files/deploy-hook b/roles/nudgis/letsencrypt/files/deploy-hook new file mode 100644 index 0000000000000000000000000000000000000000..e05eb33fb49d187e41d9b715e3a7a65dc974a85c --- /dev/null +++ b/roles/nudgis/letsencrypt/files/deploy-hook 
@@ -0,0 +1,2 @@ +#!/usr/bin/env bash +systemctl reload nginx diff --git a/roles/letsencrypt/handlers/main.yml b/roles/nudgis/letsencrypt/handlers/main.yml similarity index 75% rename from roles/letsencrypt/handlers/main.yml rename to roles/nudgis/letsencrypt/handlers/main.yml index 8a97cff137ee67aeb5dd79f2058fa75ba8a28f00..d96a8bd16ce3e188511edf722d7107270b1f314d 100644 --- a/roles/letsencrypt/handlers/main.yml +++ b/roles/nudgis/letsencrypt/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: restart nginx +- name: "Restart nginx" ansible.builtin.service: name: nginx state: restarted diff --git a/roles/nudgis/letsencrypt/tasks/base.yml b/roles/nudgis/letsencrypt/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..c28e1f60926024701c7d74a6e54f1d704f71cb03 --- /dev/null +++ b/roles/nudgis/letsencrypt/tasks/base.yml @@ -0,0 +1,21 @@ +--- + +- name: "Create webroot directory" + ansible.builtin.file: + path: "{{ letsencrypt_webroot }}" + state: directory + mode: "755" + +- name: "Create deploy hook directory" + ansible.builtin.file: + path: /etc/letsencrypt/renewal-hooks/deploy + state: directory + mode: "755" + +- name: "Create deploy hook script" + ansible.builtin.copy: + src: deploy-hook + dest: /etc/letsencrypt/renewal-hooks/deploy/nginx + mode: "0755" + +... diff --git a/roles/letsencrypt/tasks/configure.yml b/roles/nudgis/letsencrypt/tasks/configure.yml similarity index 69% rename from roles/letsencrypt/tasks/configure.yml rename to roles/nudgis/letsencrypt/tasks/configure.yml index b1d8e29a06d6a0f6ef68abde6289b963719f7c73..a556a81982a0b8170ff5791318d06119816f8c46 100644 --- a/roles/letsencrypt/tasks/configure.yml +++ b/roles/nudgis/letsencrypt/tasks/configure.yml 
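Review bot: The two `ansible.builtin.file` tasks in the new `base.yml` use `mode: "755"` while the `copy` task right below uses `mode: "0755"`; Ansible reads both as octal, but the zero-prefixed form is what the rest of the repository uses (e.g. `mode: "0644"` in other roles), so `mode: "0755"` on both directory tasks keeps the file consistent. The challenge directory is created but nothing in this role maps `/.well-known/acme-challenge/` to `letsencrypt_webroot` in nginx; presumably the nginx role provides that location, which is outside this diff and worth a quick check. The `deploy-hook` script is a single `systemctl reload nginx`, so its exit status already reports a failed reload to certbot and needs no extra guard.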
@@ -1,10 +1,10 @@ --- -- name: CONFIGURE UBICAST-TESTER +- name: "CONFIGURE UBICAST-TESTER" ansible.builtin.include_tasks: "configure/letsencrypt-configure.yml" when: - letsencrypt_domains is defined + - letsencrypt_domains != [] - letsencrypt_email is defined - - letsencrypt_webroot is defined ... diff --git a/roles/nudgis/letsencrypt/tasks/configure/letsencrypt-configure.yml b/roles/nudgis/letsencrypt/tasks/configure/letsencrypt-configure.yml new file mode 100644 index 0000000000000000000000000000000000000000..bd94275f5822c67eddafe87608333341dfd805aa --- /dev/null +++ b/roles/nudgis/letsencrypt/tasks/configure/letsencrypt-configure.yml 
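Review bot: The include task keeps the name `"CONFIGURE UBICAST-TESTER"`, which reads as copied from another role and does not describe `configure/letsencrypt-configure.yml`; `- name: "CONFIGURE LETSENCRYPT"` would match the role. With `defaults/main.yml` now defining both `letsencrypt_domains` and `letsencrypt_email`, the two `is defined` checks always hold and only the added `letsencrypt_domains != []` guard actually gates the include, so the `is defined` lines can be dropped, or the email check tightened so the `admin@example.com` placeholder does not get registered with the CA by accident.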
@@ -0,0 +1,47 @@ +--- + +- name: "Test generate certificates" + register: letsencrypt_dry_run + ignore_errors: true + changed_when: false + ansible.builtin.command: + cmd: > + certbot certonly + --dry-run + -n --agree-tos -m "{{ letsencrypt_email }}" + --webroot -w "{{ letsencrypt_webroot }}" + --expand + -d "{{ letsencrypt_domains | join(',') }}" + +- name: "Exit in case of failure" + when: letsencrypt_dry_run is failed + ansible.builtin.fail: + +- when: letsencrypt_dry_run is succeeded + block: + - name: "Generate certificates" + notify: "Restart nginx" + ansible.builtin.command: + cmd: > + certbot certonly + -n --agree-tos -m "{{ letsencrypt_email }}" + --webroot -w "{{ letsencrypt_webroot }}" + --expand + -d "{{ letsencrypt_domains | join(',') }}" + creates: "/etc/letsencrypt/live/{{ letsencrypt_domains[0] }}/privkey.pem" + + - name: "Update nginx certificate configuration" + notify: "Restart nginx" + ansible.builtin.lineinfile: + path: /etc/nginx/conf.d/ssl_certificate.conf + regexp: 'ssl_certificate\s+([\w/\-\_\.]+);' + line: "ssl_certificate /etc/letsencrypt/live/{{ letsencrypt_domains[0] }}/fullchain.pem;" + + - name: "Update nginx certificate key configuration" + notify: "Restart nginx" + ansible.builtin.lineinfile: + path: /etc/nginx/conf.d/ssl_certificate.conf + regexp: 'ssl_certificate_key\s+([\w/\-\_\.]+);' + line: "ssl_certificate_key /etc/letsencrypt/live/{{ letsencrypt_domains[0] }}/privkey.pem;" + +... diff --git a/roles/letsencrypt/tasks/install.yml b/roles/nudgis/letsencrypt/tasks/install.yml similarity index 80% rename from roles/letsencrypt/tasks/install.yml rename to roles/nudgis/letsencrypt/tasks/install.yml index d7d96d4480c865f7047634606c8c397bb41d73eb..f033734b0475ed99f7c1005bd01a8e6bd4210145 100644 --- a/roles/letsencrypt/tasks/install.yml +++ b/roles/nudgis/letsencrypt/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install certbot +- name: "Install certbot" ansible.builtin.package: force_apt_get: true install_recommends: false 
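Review bot: `creates: "/etc/letsencrypt/live/{{ letsencrypt_domains[0] }}/privkey.pem"` on `Generate certificates` skips certbot as soon as a certificate exists for the first domain, so the `--expand` flag never gets a chance to add a domain appended to `letsencrypt_domains` later and the nginx `ssl_certificate` lines keep pointing at the old certificate. Drop `creates`, add `register: letsencrypt_run` and derive the change state from certbot's output, e.g. `changed_when: "'no action taken' not in letsencrypt_run.stdout"` (certbot reports "not yet due for renewal; no action taken" when the existing certificate already covers the requested names). The `Test generate certificates` / `Exit in case of failure` pair is equivalent to letting the dry run fail on its own; if the explicit step is kept, give the `fail` a message such as `msg: "certbot dry run failed: {{ letsencrypt_dry_run.stderr }}"` so the reason is visible in the play output.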
diff --git a/roles/live/tasks/main.yml b/roles/nudgis/letsencrypt/tasks/main.yml similarity index 86% rename from roles/live/tasks/main.yml rename to roles/nudgis/letsencrypt/tasks/main.yml index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 100644 --- a/roles/live/tasks/main.yml +++ b/roles/nudgis/letsencrypt/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: BASE CONFIGURATION +- name: "BASE CONFIGURATION" ansible.builtin.include_tasks: file: "base.yml" apply: @@ -20,7 +20,7 @@ tags: - always -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/nudgis/letsencrypt/vars/main.yml b/roles/nudgis/letsencrypt/vars/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..624776fbe50bf289de09a5b978be18e9eb22d9d8 --- /dev/null +++ b/roles/nudgis/letsencrypt/vars/main.yml @@ -0,0 +1,6 @@ +--- + +# Default Let's Encrypt web root folder for challenges publication +letsencrypt_webroot: "/var/www/letsencrypt" + +... diff --git a/roles/live/README.md b/roles/nudgis/live/README.md similarity index 98% rename from roles/live/README.md rename to roles/nudgis/live/README.md index cef5f84ddf764cf211a5110a785bfc3c0fc1d04b..3c8fe6aa5e63a372161f26f0a6126f22accec5bb 100644 --- a/roles/live/README.md +++ b/roles/nudgis/live/README.md @@ -11,7 +11,7 @@ Available variables are listed below, along with the descriptions and the defaul `live_ha`: Define if the deployment is an HA architecture (i.e. live domain is not handle by nudgis frontend server) ``` -live_ha: False +live_ha: false ``` `live_domain`: Domain name of the live cluster (only if distinct live server(s) from MediaServer and live_ha variable is set to True) (Optional) 
diff --git a/roles/live/defaults/main.yml b/roles/nudgis/live/defaults/main.yml similarity index 96% rename from roles/live/defaults/main.yml rename to roles/nudgis/live/defaults/main.yml index 4a7c8350bfad28a290160024f7cfa99016636b9e..0666b5dcbe3111e79853b35b70a082245486cf41 100644 --- a/roles/live/defaults/main.yml +++ b/roles/nudgis/live/defaults/main.yml @@ -1,7 +1,7 @@ --- # Define if the deployment is an HA architecture (i.e. live domain is not handle by nudgis frontend server) -live_ha: False +live_ha: false # Domain name of the live cluster (only if distinct live server(s) from MediaServer and live_ha variable is set to True) live_domain: "live.example.com" diff --git a/roles/nudgis/live/handlers/main.yml b/roles/nudgis/live/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..0418a9e33d904c97e1095689e948871ebe38929d --- /dev/null +++ b/roles/nudgis/live/handlers/main.yml @@ -0,0 +1,10 @@ +--- + +- name: "Restart nginx" + ansible.builtin.systemd: + name: nginx + state: restarted + +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml + +... diff --git a/roles/live/tasks/base.yml b/roles/nudgis/live/tasks/base.yml similarity index 54% rename from roles/live/tasks/base.yml rename to roles/nudgis/live/tasks/base.yml index 014d6e3ed29fd1de8d0bf91123f5f5544ec547f0..df11bb04f878b6ab7c67343d9f86c800e3261d62 100644 --- a/roles/live/tasks/base.yml +++ b/roles/nudgis/live/tasks/base.yml 
@@ -1,17 +1,17 @@ --- # not working with a tmpfs (mode=777, user=group=root) -# - name: Changing the rights on the TMPFS directory -# notify: restart nginx +# - name: "Changing the rights on the TMPFS directory" +# notify: "Restart nginx" # ansible.builtin.file: # path: /var/tmp/nginx-rtmp # owner: nginx # group: root # mode: "0700" -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml -- name: flush handlers +- name: "Flush handlers" ansible.builtin.meta: flush_handlers ... diff --git a/roles/live/tasks/configure.yml b/roles/nudgis/live/tasks/configure.yml similarity index 74% rename from roles/live/tasks/configure.yml rename to roles/nudgis/live/tasks/configure.yml index 40f8073162876b6946b135600f69680cdd2171d3..385163e8ed5eda4a87eda592db171302cea3d7b5 100644 --- a/roles/live/tasks/configure.yml +++ b/roles/nudgis/live/tasks/configure.yml @@ -1,6 +1,6 @@ --- -- name: SETUP LIVE TMPFS PARTITION +- name: "SETUP LIVE TMPFS PARTITION" ansible.builtin.include_tasks: "configure/tmpfs.yml" when: - live_tmpfs_size is defined diff --git a/roles/live/tasks/configure/tmpfs.yml b/roles/nudgis/live/tasks/configure/tmpfs.yml similarity index 67% rename from roles/live/tasks/configure/tmpfs.yml rename to roles/nudgis/live/tasks/configure/tmpfs.yml index de1a08c68e00d7319cf5fd448f3a4879137d0c71..f7e42826922facf956452039ba403413317a7c40 100644 --- a/roles/live/tasks/configure/tmpfs.yml +++ b/roles/nudgis/live/tasks/configure/tmpfs.yml @@ -1,7 +1,7 @@ --- -- name: TMPFS creation to store the live chunks - notify: restart nginx +- name: "TMPFS creation to store the live chunks" + notify: "Restart nginx" ansible.posix.mount: path: /var/tmp/nginx-rtmp src: tmpfs 
diff --git a/roles/live/tasks/install.yml b/roles/nudgis/live/tasks/install.yml similarity index 89% rename from roles/live/tasks/install.yml rename to roles/nudgis/live/tasks/install.yml index 95fa504816b7be8e6d8d9ae4f737b179ef7fa309..306e942072771a6fc6867ecb2e80b58a19486948 100644 --- a/roles/live/tasks/install.yml +++ b/roles/nudgis/live/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: Live packages installation +- name: "Live packages installation" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/fail2ban/tasks/main.yml b/roles/nudgis/live/tasks/main.yml similarity index 86% rename from roles/fail2ban/tasks/main.yml rename to roles/nudgis/live/tasks/main.yml index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 100644 --- a/roles/fail2ban/tasks/main.yml +++ b/roles/nudgis/live/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: BASE CONFIGURATION +- name: "BASE CONFIGURATION" ansible.builtin.include_tasks: file: "base.yml" apply: @@ -20,7 +20,7 @@ tags: - always -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/live/vars/main.yml b/roles/nudgis/live/vars/main.yml similarity index 100% rename from roles/live/vars/main.yml rename to roles/nudgis/live/vars/main.yml diff --git a/roles/lxc/README.md b/roles/nudgis/lxc/README.md similarity index 100% rename from roles/lxc/README.md rename to roles/nudgis/lxc/README.md diff --git a/roles/lxc/defaults/main.yml b/roles/nudgis/lxc/defaults/main.yml similarity index 100% rename from roles/lxc/defaults/main.yml rename to roles/nudgis/lxc/defaults/main.yml diff --git a/roles/lxc/files/lxc-net.host_bridge b/roles/nudgis/lxc/files/lxc-net.host_bridge similarity index 100% rename from roles/lxc/files/lxc-net.host_bridge rename to roles/nudgis/lxc/files/lxc-net.host_bridge 
diff --git a/roles/lxc/files/lxc-net.masquerade_bridge b/roles/nudgis/lxc/files/lxc-net.masquerade_bridge similarity index 100% rename from roles/lxc/files/lxc-net.masquerade_bridge rename to roles/nudgis/lxc/files/lxc-net.masquerade_bridge diff --git a/roles/lxc/handlers/main.yml b/roles/nudgis/lxc/handlers/main.yml similarity index 67% rename from roles/lxc/handlers/main.yml rename to roles/nudgis/lxc/handlers/main.yml index a237a6dbb4186d659b0a05546ba1bc5201a077ef..36fd1aee7d41b8aeb2af09a358309e2d81b56dfc 100644 --- a/roles/lxc/handlers/main.yml +++ b/roles/nudgis/lxc/handlers/main.yml @@ -1,13 +1,13 @@ --- -- name: restart lxc +- name: "Restart lxc" ansible.builtin.systemd: name: lxc state: restarted changed_when: true - notify: restart lxc-net + notify: "Restart lxc-net" -- name: restart lxc-net +- name: "Restart lxc-net" ansible.builtin.systemd: name: lxc-net state: restarted diff --git a/roles/lxc/tasks/base.yml b/roles/nudgis/lxc/tasks/base.yml similarity index 74% rename from roles/lxc/tasks/base.yml rename to roles/nudgis/lxc/tasks/base.yml index b873969f02522b38204758c6a73813b868ee56c7..3df8a917a04408dd8ee7c60b70b28c8081d8905c 100644 --- a/roles/lxc/tasks/base.yml +++ b/roles/nudgis/lxc/tasks/base.yml @@ -1,16 +1,16 @@ --- -- name: Host bridge configuration +- name: "Host bridge configuration" when: lxc_network_type == 'host_bridge' block: - - name: Masquerade bridge configuration disabling - notify: restart lxc-net + - name: "Masquerade bridge configuration disabling" + notify: "Restart lxc-net" ansible.builtin.copy: src: lxc-net.host_bridge dest: /etc/default/lxc-net mode: "644" - - name: Ask confirmation + - name: "Ask confirmation" ansible.builtin.pause: prompt: | ------------------------------------------------------------------------------------------- 
@@ -22,23 +22,23 @@ register: confirm_continue no_log: true - - name: check parm is null or invalid + - name: "Check parm is null or invalid" ansible.builtin.fail: msg: 'Installation aborted' when: not ((confirm_continue.user_input | bool) or (confirm_continue.user_input | length == 0)) -- name: Masquerade bridge configuration +- name: "Masquerade bridge configuration" when: lxc_network_type == 'masquerade_bridge' block: - - name: Container network configuration - notify: restart lxc-net + - name: "Container network configuration" + notify: "Restart lxc-net" ansible.builtin.copy: src: lxc-net.masquerade_bridge dest: /etc/default/lxc-net mode: "644" -- name: Default container configuration - notify: restart lxc +- name: "Default container configuration" + notify: "Restart lxc" ansible.builtin.template: src: lxc-default.j2 dest: /etc/lxc/default.conf diff --git a/roles/lxc/tasks/install.yml b/roles/nudgis/lxc/tasks/install.yml similarity index 89% rename from roles/lxc/tasks/install.yml rename to roles/nudgis/lxc/tasks/install.yml index 1b685aac0a44bf48f20226060df4b9d7efe91d48..d19a815dcaf5ff08f3f78580958b112a99cbb133 100644 --- a/roles/lxc/tasks/install.yml +++ b/roles/nudgis/lxc/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: LXC packages installation +- name: "LXC packages installation" ansible.builtin.apt: force_apt_get: true name: diff --git a/roles/nftables/tasks/main.yml b/roles/nudgis/lxc/tasks/main.yml similarity index 85% rename from roles/nftables/tasks/main.yml rename to roles/nudgis/lxc/tasks/main.yml index 5489c96f5fdafb340fd2c1d566cb768977d6e6f9..0bb18f240f3c721004ecd393e94877e1cdc6dd0c 100644 --- a/roles/nftables/tasks/main.yml +++ b/roles/nudgis/lxc/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: BASE CONFIGURATION +- name: "BASE CONFIGURATION" ansible.builtin.include_tasks: file: "base.yml" apply: 
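Review bot: The renamed task `Check parm is null or invalid` is still misspelled and does not say what it checks (it aborts unless the prompt answer is empty or truthy); rename it to `- name: "Abort unless the confirmation answer is empty or yes"`. The condition also feeds the raw prompt answer through `bool`, and recent ansible-core releases deprecate (and newer ones reject) non-boolean strings in that filter, so an unexpected answer such as "maybe" is likely to surface as a filter error rather than the intended 'Installation aborted'; a comparison like `(confirm_continue.user_input | lower) in ['', 'y', 'yes', 'true']` avoids that. The enclosing `Host bridge configuration` block starts in the previous hunk.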
diff --git a/roles/lxc/templates/lxc-default.j2 b/roles/nudgis/lxc/templates/lxc-default.j2 similarity index 100% rename from roles/lxc/templates/lxc-default.j2 rename to roles/nudgis/lxc/templates/lxc-default.j2 diff --git a/roles/mirismanager/README.md b/roles/nudgis/manager/README.md similarity index 83% rename from roles/mirismanager/README.md rename to roles/nudgis/manager/README.md index d2f01c2fd00b0ab60724ca48d0a8b3f85678c4c8..526316b8701b2b8a76fdbeaf5f13ca7854adcb78 100644 --- a/roles/mirismanager/README.md +++ b/roles/nudgis/manager/README.md @@ -1,7 +1,7 @@ -# Mirismanager +# Manager ## Description -The mirismanager group is used to configure all hosts with the UbiCast platform to control and manage video recorders. +The manager group is used to configure all hosts with the UbiCast platform to control and manage video recorders. * In a standard Ubicast case, the host is the same as mediaserver * In a HA Ubicast case, it is usually a dedicated server @@ -19,11 +19,6 @@ manager_domain: "manager.example.com" manager_email_from: "noreply@{{ manager_domain }}" ``` -`proxy_http`: Mandatory proxy to use in apt-cacher-ng (Optional) -``` -proxy_http: "" -``` - `manager_database_domain`: Domain to reach PostgreSQL database ``` manager_database_domain: "database.manager.example.com" diff --git a/roles/mirismanager/defaults/main.yml b/roles/nudgis/manager/defaults/main.yml similarity index 91% rename from roles/mirismanager/defaults/main.yml rename to roles/nudgis/manager/defaults/main.yml index cc09307502ecbcf7cdceac6ae85f374ddb0dd5a5..e4dd4f3d473717ab3cf7d08ba0871a2c6c7f0879 100644 --- a/roles/mirismanager/defaults/main.yml +++ b/roles/nudgis/manager/defaults/main.yml 
@@ -6,9 +6,6 @@ manager_domain: "manager.example.com" # Defines the default address for the Nudgis Manager emails sender manager_email_from: "noreply@{{ manager_domain }}" -# Mandatory proxy to use in apt-cacher-ng -proxy_http: "" - # Domain to reach PostgreSQL database manager_database_domain: "database.manager.example.com" diff --git a/roles/mirismanager/files/install.example.ini b/roles/nudgis/manager/files/install.example.ini similarity index 100% rename from roles/mirismanager/files/install.example.ini rename to roles/nudgis/manager/files/install.example.ini diff --git a/roles/mirismanager/handlers/main.yml b/roles/nudgis/manager/handlers/main.yml similarity index 58% rename from roles/mirismanager/handlers/main.yml rename to roles/nudgis/manager/handlers/main.yml index fc4f2e568c008074f7efc378208bbe85a699a5d2..71246703c820eb6072a5cf43b712b3d61af739c3 100644 --- a/roles/mirismanager/handlers/main.yml +++ b/roles/nudgis/manager/handlers/main.yml @@ -1,20 +1,20 @@ --- -- name: restart nginx +- name: "Restart nginx" ansible.builtin.service: name: nginx state: restarted -- name: restart skyreach +- name: "Restart skyreach" ansible.builtin.service: name: skyreach state: restarted -- name: restart apt-cacher-ng +- name: "Restart apt-cacher-ng" ansible.builtin.service: name: apt-cacher-ng state: restarted -- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml ... diff --git a/roles/nudgis/manager/meta/main.yml b/roles/nudgis/manager/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..87563160c08f72eb09c251e751e386830c6e6335 --- /dev/null +++ b/roles/nudgis/manager/meta/main.yml @@ -0,0 +1,6 @@ +--- + +dependencies: + - role: nudgis/nginx + +... 
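Review bot: Dropping `proxy_http: ""` from the defaults is a behaviour change, not just a cleanup: the include in manager/tasks/configure.yml (further down in this commit) is gated on `proxy_http is defined`, so with no default the `Proxy:` line in acng.conf is no longer managed or cleared on hosts where a proxy was previously written, unless the operator sets the variable explicitly. If that is the intent, it deserves a line in the CHANGELOG and in the README section this commit also removes; otherwise keep the variable defined with an empty value and document it as optional.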
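Review bot: The relative import `../../shared/handlers/nftables.yml` now resolves one directory deeper because the role moved from roles/mirismanager/ to roles/nudgis/manager/, so it points at roles/nudgis/shared/… instead of roles/shared/…. Unless the shared directory was moved under roles/nudgis/ in the same commit (not visible in this chunk), this import and the identical ones in manager/tasks/base.yml, monitor/client/handlers/main.yml, monitor/client/tasks/base.yml, monitor/server/handlers/main.yml and monitor/server/tasks/base.yml will fail with a missing-file error when the role loads. A comment on the line, `# shared handlers live in roles/nudgis/shared/ — path is relative to this role`, would make the coupling explicit once the path is confirmed.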
diff --git a/roles/mirismanager/tasks/base.yml b/roles/nudgis/manager/tasks/base.yml similarity index 58% rename from roles/mirismanager/tasks/base.yml rename to roles/nudgis/manager/tasks/base.yml index 80d1d9cbf846117e39ad4c68b14d0d883977d308..07c2100b64b7d18635159cf26a9c0cf1b1dda92e 100644 --- a/roles/mirismanager/tasks/base.yml +++ b/roles/nudgis/manager/tasks/base.yml @@ -1,11 +1,11 @@ --- -- name: Stats Nudgis Manager main configuration file +- name: "Stats Nudgis Manager main configuration file" ansible.builtin.stat: path: "/etc/skyreach/install.ini" register: manager_config -- name: Populate Nudgis Manager base configuration with example values +- name: "Populate Nudgis Manager base configuration with example values" when: manager_config.stat.size == 0 ansible.builtin.copy: src: "/etc/skyreach/install.example.ini" @@ -13,9 +13,9 @@ mode: "preserve" remote_src: true -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml -- name: flush handlers +- name: "Flush handlers" ansible.builtin.meta: flush_handlers ... diff --git a/roles/mirismanager/tasks/configure.yml b/roles/nudgis/manager/tasks/configure.yml similarity index 78% rename from roles/mirismanager/tasks/configure.yml rename to roles/nudgis/manager/tasks/configure.yml index 03790074e22af8b29e1b9bfd6ad28d8c2c4c3143..b1a59944979e371b8e66f92636bf3fd3d46890eb 100644 --- a/roles/mirismanager/tasks/configure.yml +++ b/roles/nudgis/manager/tasks/configure.yml 
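Review bot: `when: manager_config.stat.size == 0` on the second task dereferences `size` even when /etc/skyreach/install.ini does not exist, and `stat` only returns `size` for an existing path, so a host without the file errors on an undefined attribute instead of skipping; guard it with `when: manager_config.stat.exists and manager_config.stat.size == 0`. The same pattern is in monitor/server/tasks/base.yml further down. If the package always ships an empty install.ini this is only defensive, but the guard costs nothing.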
@@ -1,29 +1,29 @@ --- -- name: CONFIGURE DATABASE +- name: "CONFIGURE DATABASE" ansible.builtin.include_tasks: "configure/database.yml" when: - manager_database_domain is defined - manager_database_port is defined - manager_database_password is defined -- name: CONFIGURE DOMAIN +- name: "CONFIGURE DOMAIN" ansible.builtin.include_tasks: "configure/domain.yml" when: - manager_domain is defined -- name: CONFIGURE ADMIN USERS +- name: "CONFIGURE ADMIN USERS" ansible.builtin.include_tasks: "configure/users.yml" when: - manager_user_ubicast_password is defined - manager_user_admin_password is defined -- name: CONFIGURE NUDGIS MANAGER EMAIL SENDER ADDRESS +- name: "CONFIGURE NUDGIS MANAGER EMAIL SENDER ADDRESS" ansible.builtin.include_tasks: "configure/email.yml" when: - manager_email_from is defined -- name: CONFIGURE APT CACHER MANDATORY PROXY +- name: "CONFIGURE APT CACHER MANDATORY PROXY" ansible.builtin.include_tasks: "configure/apt-cacher-proxy.yml" when: - proxy_http is defined diff --git a/roles/mirismanager/tasks/configure/apt-cacher-proxy.yml b/roles/nudgis/manager/tasks/configure/apt-cacher-proxy.yml similarity index 72% rename from roles/mirismanager/tasks/configure/apt-cacher-proxy.yml rename to roles/nudgis/manager/tasks/configure/apt-cacher-proxy.yml index b0bc4b4cd83dc3339f3dbd1eeef2d23454dee516..f62090ad59e828a2079caa084e5e6e824406d20c 100644 --- a/roles/mirismanager/tasks/configure/apt-cacher-proxy.yml +++ b/roles/nudgis/manager/tasks/configure/apt-cacher-proxy.yml @@ -1,14 +1,14 @@ --- -- name: check apt cacher ng config exists +- name: "Check apt cacher ng config exists" register: manager_apt_cacher_conf ansible.builtin.stat: path: /etc/apt-cacher-ng/acng.conf -- name: configure apt-cacher-ng +- name: "Configure apt-cacher-ng" when: - manager_apt_cacher_conf.stat.exists - notify: restart apt-cacher-ng + notify: "Restart apt-cacher-ng" ansible.builtin.lineinfile: path: /etc/apt-cacher-ng/acng.conf regexp: "^Proxy: .*" 
diff --git a/roles/mirismanager/tasks/configure/database.yml b/roles/nudgis/manager/tasks/configure/database.yml similarity index 59% rename from roles/mirismanager/tasks/configure/database.yml rename to roles/nudgis/manager/tasks/configure/database.yml index 0c2bd02c29f178fed0f07536a0ca041b35373d49..38335e6cdfe1184b58eb6e24b65d9161383f8ce7 100644 --- a/roles/mirismanager/tasks/configure/database.yml +++ b/roles/nudgis/manager/tasks/configure/database.yml @@ -1,13 +1,13 @@ --- -- name: Configure database +- name: "Configure database" ansible.builtin.replace: path: /etc/skyreach/install.ini regexp: '^(\s*)#?\s*{{ item.name }}\s*=.*$' replace: '\1{{ item.name }} = {{ item.value }}' loop: - - { name: 'DB_HOST', value: '{{ manager_database_domain }}' } # noqa: yaml[commas] - - { name: 'DB_PORT', value: '{{ manager_database_port }}' } # noqa: yaml[commas] + - { name: 'DB_HOST', value: '{{ manager_database_domain }}' } + - { name: 'DB_PORT', value: '{{ manager_database_port }}' } - { name: 'DB_ROOT_PWD', value: '{{ manager_database_password }}' } # /!\ Does not alter the already created instances /!\ diff --git a/roles/mirismanager/tasks/configure/domain.yml b/roles/nudgis/manager/tasks/configure/domain.yml similarity index 69% rename from roles/mirismanager/tasks/configure/domain.yml rename to roles/nudgis/manager/tasks/configure/domain.yml index a1d1dd3ab8df893783badcc4d907ea90c75bd42d..e06f0caf200eef010cecbd8d017ffa467bf3c946 100644 --- a/roles/mirismanager/tasks/configure/domain.yml +++ b/roles/nudgis/manager/tasks/configure/domain.yml @@ -1,12 +1,12 @@ --- -- name: Configure domain +- name: "Configure domain" ansible.builtin.replace: path: /etc/skyreach/install.ini regexp: '^(\s*)#?\s*{{ item.name }}\s*=.*$' replace: '\1{{ item.name }} = {{ item.value }}' loop: - - { name: 'DOMAIN', value: '{{ manager_domain }}' } # noqa: yaml[commas] + - { name: 'DOMAIN', value: '{{ manager_domain }}' } # /!\ Does not alter the already created instances /!\ 
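Review bot: The loop items of this `replace` task carry `manager_database_password`, and Ansible prints each loop item (and, with --diff, the replaced text) in the task result, so the database root password ends up in console and CI logs; add `no_log: true` to the task, or at least `loop_control: label: "{{ item.name }}"` so only the key name is shown. The same applies to manager/tasks/configure/users.yml and monitor/server/tasks/configure/users.yml below. Note also that `replace:` is a regex replacement string, so a password containing a backslash would be interpreted rather than inserted verbatim — worth a comment on the variable in defaults/main.yml.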
diff --git a/roles/mirismanager/tasks/configure/email.yml b/roles/nudgis/manager/tasks/configure/email.yml similarity index 75% rename from roles/mirismanager/tasks/configure/email.yml rename to roles/nudgis/manager/tasks/configure/email.yml index 7fefbc2f7de01f933c64e8a215a372d4cbda886c..828bd233930aca7cf49df7a30c2ac6875b36a99c 100644 --- a/roles/mirismanager/tasks/configure/email.yml +++ b/roles/nudgis/manager/tasks/configure/email.yml @@ -1,7 +1,7 @@ --- -- name: configure email sender address - notify: restart skyreach +- name: "Configure email sender address" + notify: "Restart skyreach" ansible.builtin.lineinfile: path: /home/skyreach/skyreach_data/private/settings_override.py regexp: ^#? ?DEFAULT_FROM_EMAIL.* diff --git a/roles/mirismanager/tasks/configure/users.yml b/roles/nudgis/manager/tasks/configure/users.yml similarity index 63% rename from roles/mirismanager/tasks/configure/users.yml rename to roles/nudgis/manager/tasks/configure/users.yml index 713415bfddeb48191d7a4aa68932cc11b261290b..9024a7a123c7a3a71d1436195b7c135a9c0b36d5 100644 --- a/roles/mirismanager/tasks/configure/users.yml +++ b/roles/nudgis/manager/tasks/configure/users.yml @@ -1,13 +1,13 @@ --- -- name: Configure application users +- name: "Configure application users" ansible.builtin.replace: path: /etc/skyreach/install.ini regexp: '^(\s*)#?\s*{{ item.name }}\s*=.*$' replace: '\1{{ item.name }} = {{ item.value }}' loop: - - { name: 'SUPERUSER_PWD', value: '{{ manager_user_ubicast_password }}' } # noqa: yaml[commas] - - { name: 'ADMIN_PWD', value: '{{ manager_user_admin_password }}' } # noqa: yaml[commas] + - { name: 'SUPERUSER_PWD', value: '{{ manager_user_ubicast_password }}' } + - { name: 'ADMIN_PWD', value: '{{ manager_user_admin_password }}' } # /!\ Does not alter the already created instances /!\ 
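Review bot: The `regexp` on the last line of the hunk is a bare plain scalar while the sibling `lineinfile` in configure/apt-cacher-proxy.yml quotes its pattern (`"^Proxy: .*"`); quoting it too, `regexp: '^#? ?DEFAULT_FROM_EMAIL.*'`, keeps the two files consistent and protects the pattern from YAML's ` #` comment and `: ` mapping rules if it is ever extended. The task's `line:` value lies outside the hunk.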
diff --git a/roles/mirismanager/tasks/install.yml b/roles/nudgis/manager/tasks/install.yml similarity index 88% rename from roles/mirismanager/tasks/install.yml rename to roles/nudgis/manager/tasks/install.yml index e57d308cc9812ae87a0fb1c7f9891c713781bccd..3be2c6f09b72e3ac268a6caf4406788ca714add5 100644 --- a/roles/mirismanager/tasks/install.yml +++ b/roles/nudgis/manager/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: mirismanager dependencies install +- name: "Nudgis Manager dependencies install" ansible.builtin.apt: force_apt_get: true install_recommends: false @@ -9,7 +9,7 @@ retries: 60 until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) -- name: mirismanager install +- name: "Nudgis Manager install" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/nudgis/manager/tasks/main.yml b/roles/nudgis/manager/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 --- /dev/null +++ b/roles/nudgis/manager/tasks/main.yml @@ -0,0 +1,33 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... diff --git a/roles/mirismanager/vars/main.yml b/roles/nudgis/manager/vars/main.yml similarity index 100% rename from roles/mirismanager/vars/main.yml rename to roles/nudgis/manager/vars/main.yml 
diff --git a/roles/monitor/munin_node/README.md b/roles/nudgis/monitor/client/README.md similarity index 83% rename from roles/monitor/munin_node/README.md rename to roles/nudgis/monitor/client/README.md index 118b0be5ae3db4d56a362d1a43ccdef780910375..50c0eb0c00fd0353c02d04ddadaade37152cdd6f 100644 --- a/roles/monitor/munin_node/README.md +++ b/roles/nudgis/monitor/client/README.md @@ -1,7 +1,7 @@ -# Munin_node +# Monitor_client ## Description -The munin_node group is used to configure all hosts to send monitoring data back to the monitoring server (munin_server group). +The monitor_client group is used to configure the hosts to send monitoring data back to the monitor servers (monitor_server group). * In a standard and HA Ubicast case, the hosts are all those that compose the UbiCast platform This group is only meant to be used as a meta group (see for instance meta groups section in the [standard example inventory](../../inventories/example/std/hosts) or [HA example inventory](../../inventories/example/ha/hosts)). diff --git a/roles/monitor/munin_node/defaults/main.yml b/roles/nudgis/monitor/client/defaults/main.yml similarity index 100% rename from roles/monitor/munin_node/defaults/main.yml rename to roles/nudgis/monitor/client/defaults/main.yml diff --git a/roles/nudgis/monitor/client/handlers/main.yml b/roles/nudgis/monitor/client/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..241f45e411a9cbd48aab341f1cdcb423d9e866ec --- /dev/null +++ b/roles/nudgis/monitor/client/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- ansible.builtin.import_tasks: ../../shared/handlers/munin-node.yml +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml + +... diff --git a/roles/nudgis/monitor/client/tasks/base.yml b/roles/nudgis/monitor/client/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..48598b1e781a942eea2ef1e44b771c345731c043 --- /dev/null +++ b/roles/nudgis/monitor/client/tasks/base.yml 
@@ -0,0 +1,5 @@ +--- + +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml + +... diff --git a/roles/monitor/munin_node/tasks/configure.yml b/roles/nudgis/monitor/client/tasks/configure.yml similarity index 83% rename from roles/monitor/munin_node/tasks/configure.yml rename to roles/nudgis/monitor/client/tasks/configure.yml index 8c4ea21f1f6fb50c836c5d9f905fc5b67d39d716..5f7e5f43a1954d43f86bdebb88f2b016c118232f 100644 --- a/roles/monitor/munin_node/tasks/configure.yml +++ b/roles/nudgis/monitor/client/tasks/configure.yml @@ -1,6 +1,6 @@ --- -- name: CONFIGURE MUNIN-NODE +- name: "CONFIGURE MUNIN-NODE" ansible.builtin.include_tasks: "configure/main-configuration.yml" when: - ubicast_customer_name is defined diff --git a/roles/monitor/munin_node/tasks/configure/main-configuration.yml b/roles/nudgis/monitor/client/tasks/configure/main-configuration.yml similarity index 50% rename from roles/monitor/munin_node/tasks/configure/main-configuration.yml rename to roles/nudgis/monitor/client/tasks/configure/main-configuration.yml index 35b0b0ca4cbab0468badce221da75d67a4d9835a..a27f372f7a2e18aaf58b35602de37b7236af9b4d 100644 --- a/roles/monitor/munin_node/tasks/configure/main-configuration.yml +++ b/roles/nudgis/monitor/client/tasks/configure/main-configuration.yml @@ -1,9 +1,7 @@ --- -- name: copy munin_node configuration - notify: - - Setup munin-node plugins link - - Restart munin-node service +- name: "Copy munin_node configuration" + notify: "Configure and restart munin-node" ansible.builtin.template: src: munin_node.conf.j2 dest: /etc/munin/munin-node.conf diff --git a/roles/monitor/munin_node/tasks/install.yml b/roles/nudgis/monitor/client/tasks/install.yml similarity index 86% rename from roles/monitor/munin_node/tasks/install.yml rename to roles/nudgis/monitor/client/tasks/install.yml index 00f19ccba2882fbe5f7dbd0b3b361308e374216b..b18619a9ecc8192ce3e2497c755cb40a4d1542c0 100644 --- a/roles/monitor/munin_node/tasks/install.yml 
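Review bot: `notify: "Configure and restart munin-node"` replaces two explicit handler names with a single name that no handler in this role declares, so it must be a `listen:` topic in `../../shared/handlers/munin-node.yml` (imported by the new handlers/main.yml, not visible here); notifying a name no handler listens to fails the task at runtime. A comment on the notify line, `# listen topic declared in shared/handlers/munin-node.yml`, would make that dependency visible to the next editor. The template task continues past the end of the hunk.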
+++ b/roles/nudgis/monitor/client/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install required packages for munin-node +- name: "Install required packages for munin-node" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/nudgis/monitor/client/tasks/main.yml b/roles/nudgis/monitor/client/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 --- /dev/null +++ b/roles/nudgis/monitor/client/tasks/main.yml @@ -0,0 +1,33 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... diff --git a/roles/monitor/munin_node/templates/munin_node.conf.j2 b/roles/nudgis/monitor/client/templates/munin_node.conf.j2 similarity index 87% rename from roles/monitor/munin_node/templates/munin_node.conf.j2 rename to roles/nudgis/monitor/client/templates/munin_node.conf.j2 index 8d2aeb2355bbad2dca72f7391ca70be14831854f..cd8113d724184379f48b494a3b1e23c2d52383f9 100644 --- a/roles/monitor/munin_node/templates/munin_node.conf.j2 +++ b/roles/nudgis/monitor/client/templates/munin_node.conf.j2 @@ -23,8 +23,8 @@ host_name {{ munin_node_hostname }}.{{ ubicast_customer_name }} {% if munin_server_ip %} allow ^{{ munin_server_ip | replace('.', '\.') }}$ -{% elif groups['munin_server'] is defined %} -{% for host in groups['munin_server'] %} +{% elif groups['monitor_server'] is defined %} +{% for host in groups['monitor_server'] %} allow ^{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] | replace('.','\.') }}$ {% endfor %} {% endif %} 
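Review bot: The fallback branch now iterates `groups['monitor_server']` and reads `hostvars[host]['ansible_facts']['default_ipv4']['address']`, which is only populated for hosts whose facts were gathered earlier in the same run; a play limited to client hosts, or one that gathers no facts on the servers, renders an undefined-variable error instead of an allow list. Guard the line with `{% if hostvars[host]['ansible_facts']['default_ipv4'] is defined %}` or document in the README that monitor_server hosts must be part of the play. The new group name must also match the inventory group (inventories are not in this chunk), and the two `replace` calls differ only in spacing (`'.', '\.'` vs `'.','\.'`) — align them.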
diff --git a/roles/monitor/munin_node/vars/main.yml b/roles/nudgis/monitor/client/vars/main.yml similarity index 100% rename from roles/monitor/munin_node/vars/main.yml rename to roles/nudgis/monitor/client/vars/main.yml diff --git a/roles/monitor/msmonitor/README.md b/roles/nudgis/monitor/server/README.md similarity index 61% rename from roles/monitor/msmonitor/README.md rename to roles/nudgis/monitor/server/README.md index 07d698ee596dec689c83acb0bc080b8327512a14..67086b606fb8e68a6f7ce517f346010b6a8d1a3c 100644 --- a/roles/monitor/msmonitor/README.md +++ b/roles/nudgis/monitor/server/README.md @@ -1,7 +1,7 @@ -# Msmonitor +# Monitor_server ## Description -The msmonitor group is used to configure all hosts to allow to access to monitoring data through a secure web interface. +The monitor_server group is used to configure the hosts to allow to access to monitoring data through a web interface (webmonitor). * In a standard and HA Ubicast case, the host(s) is(are) the same as mediaserver This group is only meant to be used as a meta group (see for instance meta groups section in the [standard example inventory](../../inventories/example/std/hosts) or [HA example inventory](../../inventories/example/ha/hosts)). @@ -24,3 +24,13 @@ monitor_user_ubicast_password: "changeit" ``` monitor_user_admin_password: "changeit" ``` + +`ubicast_customer_name`: Short name of the customer, with no spaces. This name is used in munin to group the graphs under the same name. +``` +ubicast_customer_name: "example" +``` + +`munin_nodes`: List of munin_nodes with their names and IP (each element of the list is a dictionary with a "name" and a "ip" key) (Optional) +``` +munin_nodes: [] +``` 
diff --git a/roles/monitor/munin_server/defaults/main.yml b/roles/nudgis/monitor/server/defaults/main.yml similarity index 54% rename from roles/monitor/munin_server/defaults/main.yml rename to roles/nudgis/monitor/server/defaults/main.yml index 7021226c64ce372160c2ed194cf113842e669ebf..0e08aaa2e0780acdda963fe1eb1c8e94c6dffc4f 100644 --- a/roles/monitor/munin_server/defaults/main.yml +++ b/roles/nudgis/monitor/server/defaults/main.yml @@ -1,5 +1,14 @@ --- +# Defines the default domain for monitor +monitor_domain: "monitor.example.com" + +# Password for the webmonitor ubicast user +monitor_user_ubicast_password: "changeit" + +# Password for the webmonitor admin user +monitor_user_admin_password: "changeit" + # Short name of the customer, with no spaces. This name is used in munin to group the graphs under the same name. ubicast_customer_name: "example" diff --git a/roles/monitor/msmonitor/files/install.example.ini b/roles/nudgis/monitor/server/files/install.example.ini similarity index 100% rename from roles/monitor/msmonitor/files/install.example.ini rename to roles/nudgis/monitor/server/files/install.example.ini diff --git a/roles/nudgis/monitor/server/handlers/main.yml b/roles/nudgis/monitor/server/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..81213b1c112716564993adf7e2ad4d52e64e11ad --- /dev/null +++ b/roles/nudgis/monitor/server/handlers/main.yml @@ -0,0 +1,23 @@ +--- + +- name: "Restart nginx" + ansible.builtin.service: + name: nginx + state: restarted + +- name: "Wait for munin cron to end" + ansible.builtin.wait_for: + path: /var/run/munin/munin-update.lock + state: absent + listen: "Restart munin-server" + +- name: "Restart munin-server service" + ansible.builtin.service: + name: munin + state: restarted + listen: "Restart munin-server" + +- ansible.builtin.import_tasks: ../../shared/handlers/munin-node.yml +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml + +... 
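Review bot: Adding `monitor_user_ubicast_password: "changeit"` and `monitor_user_admin_password: "changeit"` as role defaults means a deployment that forgets to override them ends up with a web interface protected by published credentials, and it also makes the `is defined` guards in monitor/server/tasks/configure.yml (further down) always true, so the users include can no longer be skipped by leaving the variables unset. Prefer leaving the secrets undefined and documenting them as required, or add an `ansible.builtin.assert` that the values differ from "changeit" before the configure step. The same concern applies to `netcapture_miris_user_pwd: "changeme"` added in netcapture/defaults/main.yml below.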
diff --git a/roles/nudgis/monitor/server/meta/main.yml b/roles/nudgis/monitor/server/meta/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..87563160c08f72eb09c251e751e386830c6e6335 --- /dev/null +++ b/roles/nudgis/monitor/server/meta/main.yml @@ -0,0 +1,6 @@ +--- + +dependencies: + - role: nudgis/nginx + +... diff --git a/roles/monitor/msmonitor/tasks/base.yml b/roles/nudgis/monitor/server/tasks/base.yml similarity index 59% rename from roles/monitor/msmonitor/tasks/base.yml rename to roles/nudgis/monitor/server/tasks/base.yml index 6e73ba886bb40c405e2892fcd3d4b0c4f3a9ed6e..a2eca18a98aa12fcd958d74efc3b4e2d5a9f7d3a 100644 --- a/roles/monitor/msmonitor/tasks/base.yml +++ b/roles/nudgis/monitor/server/tasks/base.yml @@ -1,11 +1,11 @@ --- -- name: Stats Webmonitor main configuration file +- name: "Stats Webmonitor main configuration file" ansible.builtin.stat: path: "/etc/webmonitor/install.ini" register: monitor_config -- name: Populate Webmonitor base configuration with example values +- name: "Populate Webmonitor base configuration with example values" when: monitor_config.stat.size == 0 ansible.builtin.copy: src: "/etc/webmonitor/install.example.ini" @@ -13,6 +13,6 @@ mode: "preserve" remote_src: true -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml ... diff --git a/roles/monitor/msmonitor/tasks/configure.yml b/roles/nudgis/monitor/server/tasks/configure.yml similarity index 57% rename from roles/monitor/msmonitor/tasks/configure.yml rename to roles/nudgis/monitor/server/tasks/configure.yml index 8174e74e59297a1f154b28a3f28ff5f71ea26c1a..8ac49aa48692eb54320f4654671798432d7d59ab 100644 --- a/roles/monitor/msmonitor/tasks/configure.yml +++ b/roles/nudgis/monitor/server/tasks/configure.yml 
@@ -1,11 +1,16 @@ --- -- name: CONFIGURE DOMAIN +- name: "CONFIGURE MUNIN-SERVER" + ansible.builtin.include_tasks: "configure/munin.yml" + when: + - ubicast_customer_name is defined + +- name: "CONFIGURE DOMAIN" ansible.builtin.include_tasks: "configure/domain.yml" when: - monitor_domain is defined -- name: CONFIGURE ADMIN USERS +- name: "CONFIGURE ADMIN USERS" ansible.builtin.include_tasks: "configure/users.yml" when: - monitor_user_admin_password is defined diff --git a/roles/monitor/msmonitor/tasks/configure/domain.yml b/roles/nudgis/monitor/server/tasks/configure/domain.yml similarity index 65% rename from roles/monitor/msmonitor/tasks/configure/domain.yml rename to roles/nudgis/monitor/server/tasks/configure/domain.yml index 05fc3ec3741eae732dbe9fb1df7b6e0011ea382e..2392f4205b47083a6cc3537a94369abf22f9a270 100644 --- a/roles/monitor/msmonitor/tasks/configure/domain.yml +++ b/roles/nudgis/monitor/server/tasks/configure/domain.yml @@ -1,12 +1,12 @@ --- -- name: Configure domain +- name: "Configure domain" ansible.builtin.replace: path: /etc/webmonitor/install.ini regexp: '^(\s*)#?\s*{{ item.name }}\s*=.*$' replace: '\1{{ item.name }} = {{ item.value }}' loop: - - { name: 'DOMAIN', value: '{{ monitor_domain }}' } # noqa: yaml[commas] + - { name: 'DOMAIN', value: '{{ monitor_domain }}' } # /!\ Does not alter the already created instances /!\ diff --git a/roles/monitor/munin_server/tasks/configure/main-configuration.yml b/roles/nudgis/monitor/server/tasks/configure/munin.yml similarity index 55% rename from roles/monitor/munin_server/tasks/configure/main-configuration.yml rename to roles/nudgis/monitor/server/tasks/configure/munin.yml index 8631b009f874daf69eeb6916233f294efa1547e5..2c1a02da68d77348464c373c79f3ae7da29fd66b 100644 --- a/roles/monitor/munin_server/tasks/configure/main-configuration.yml +++ b/roles/nudgis/monitor/server/tasks/configure/munin.yml 
@@ -1,23 +1,24 @@ --- -- name: copy munin_server configuration - notify: restart munin-server +- name: "Copy munin_server configuration" + notify: "Restart munin-server" ansible.builtin.template: src: munin.conf.j2 dest: /etc/munin/munin.conf mode: "644" -# Force munin_server restart to avoid default localdomain graph creation after remove -- name: flush handlers +# Force munin (server) restart to avoid default localdomain graph creation after remove +- name: "Flush handlers" ansible.builtin.meta: flush_handlers # Remove default localdomain graph created after installation and before configuration -- name: Check the existence of the localdomain folder +- name: "Check the existence of the localdomain folder" ansible.builtin.stat: path: /var/cache/munin/www/localdomain register: localdomain_dir -- name: Remove default localdomain directory and files +# Command module is used instead of the file (absent) module to allow a recursive deletion +- name: "Remove default localdomain directory and files" ansible.builtin.command: cmd: /bin/rm -r /var/cache/munin/www/localdomain removes: /var/cache/munin/www/localdomain diff --git a/roles/monitor/msmonitor/tasks/configure/users.yml b/roles/nudgis/monitor/server/tasks/configure/users.yml similarity index 64% rename from roles/monitor/msmonitor/tasks/configure/users.yml rename to roles/nudgis/monitor/server/tasks/configure/users.yml index ffff544e3aec573417936b93afef621903986551..300d51dd2e85c4111573f1c503337dae547cf6f8 100644 --- a/roles/monitor/msmonitor/tasks/configure/users.yml +++ b/roles/nudgis/monitor/server/tasks/configure/users.yml 
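Review bot: The added comment `# Command module is used instead of the file (absent) module to allow a recursive deletion` is incorrect: `ansible.builtin.file` with `state: absent` removes a directory recursively, so the `command` call it justifies is not needed. Replace the `ansible.builtin.command:` block with `ansible.builtin.file: {path: /var/cache/munin/www/localdomain, state: absent}`, which is idempotent on its own and makes the preceding stat task and the `localdomain_dir` register unnecessary unless they are used later, outside the hunk. If there is a reason the file module was avoided (for example, a symlinked cache directory), the comment should state that reason instead.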
@@ -1,13 +1,13 @@ --- -- name: Configure application users +- name: "Configure application users" ansible.builtin.replace: path: /etc/webmonitor/install.ini regexp: '^(\s*)#?\s*{{ item.name }}\s*=.*$' replace: '\1{{ item.name }} = {{ item.value }}' loop: - - { name: 'ADMIN_PWD', value: '{{ monitor_user_admin_password }}' } # noqa: yaml[commas] - - { name: 'SUPERUSER_PWD', value: '{{ monitor_user_ubicast_password }}' } # noqa: yaml[commas] + - { name: 'ADMIN_PWD', value: '{{ monitor_user_admin_password }}' } + - { name: 'SUPERUSER_PWD', value: '{{ monitor_user_ubicast_password }}' } # /!\ Does not alter the already created instances /!\ diff --git a/roles/nudgis/monitor/server/tasks/install.yml b/roles/nudgis/monitor/server/tasks/install.yml new file mode 100644 index 0000000000000000000000000000000000000000..21897ecd7ef3e032b47bad155fe5f75256de6423 --- /dev/null +++ b/roles/nudgis/monitor/server/tasks/install.yml @@ -0,0 +1,14 @@ +--- + +- name: "Install ubicast webmonitor" + notify: "Configure and restart munin-node" + ansible.builtin.apt: + force_apt_get: true + install_recommends: false + state: present + name: "{{ webmonitor_packages + munin_server_packages }}" + register: apt_status + retries: 60 + until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) + +... diff --git a/roles/nudgis/monitor/server/tasks/main.yml b/roles/nudgis/monitor/server/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 --- /dev/null +++ b/roles/nudgis/monitor/server/tasks/main.yml 
@@ -0,0 +1,33 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... diff --git a/roles/monitor/munin_server/templates/munin.conf.j2 b/roles/nudgis/monitor/server/templates/munin.conf.j2 similarity index 100% rename from roles/monitor/munin_server/templates/munin.conf.j2 rename to roles/nudgis/monitor/server/templates/munin.conf.j2 diff --git a/roles/monitor/msmonitor/vars/main.yml b/roles/nudgis/monitor/server/vars/main.yml similarity index 68% rename from roles/monitor/msmonitor/vars/main.yml rename to roles/nudgis/monitor/server/vars/main.yml index 9e677903bf98f805d343c8559bb1e0577ce2d883..df4a53f59dd6e2f5941aeaa128ecd1579006c9fc 100644 --- a/roles/monitor/msmonitor/vars/main.yml +++ b/roles/nudgis/monitor/server/vars/main.yml @@ -1,7 +1,7 @@ --- # Packages required for the group -msmonitor_packages: +webmonitor_packages: - ubicast-webmonitor - ubicast-webmonitor-runtime @@ -9,4 +9,8 @@ msmonitor_packages: firewall_rules_files: - http +# Packages required for the group +munin_server_packages: + - munin + ... diff --git a/roles/netcapture/README.md b/roles/nudgis/netcapture/README.md similarity index 76% rename from roles/netcapture/README.md rename to roles/nudgis/netcapture/README.md index 741d0111fed5500e44fc763641637f65e1ecd770..f5c6149be2c47e4c6f5aea2253eeb8d2440043ee 100644 --- a/roles/netcapture/README.md +++ b/roles/nudgis/netcapture/README.md 
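Review bot: The comment above the new `munin_server_packages` list repeats the one above `webmonitor_packages` (`# Packages required for the group`), so it no longer tells the two lists apart; say what the list is for, e.g. `# Munin master packages, installed together with webmonitor by tasks/install.yml`.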
@@ -7,6 +7,11 @@ The netcapture group is used to configure the server which will host UbiCast vir Available variables are listed below, along with the descriptions and the default values. +`netcapture_miris_user_pwd`: Password of the deployed netcapture miris API +``` +netcapture_miris_user_pwd: "changeme" +``` + `netcapture_mm_url`: URL of the mirismanager to use for packages ``` netcapture_mm_url: "mirismanager.example.com" @@ -14,5 +19,5 @@ netcapture_mm_url: "mirismanager.example.com" `netcapture_mm_ssl`: Activates the SSL verification when calling the Nudgis Manager (Optional) ``` -netcapture_mm_ssl: True +netcapture_mm_ssl: true ``` diff --git a/roles/netcapture/defaults/main.yml b/roles/nudgis/netcapture/defaults/main.yml similarity index 60% rename from roles/netcapture/defaults/main.yml rename to roles/nudgis/netcapture/defaults/main.yml index 99fa7be0038350194cbc1df194e98db44ec6ce14..e8abeb6414abe72aa3075ab6b7787ca397ce9ac8 100644 --- a/roles/netcapture/defaults/main.yml +++ b/roles/nudgis/netcapture/defaults/main.yml @@ -1,9 +1,12 @@ --- +# Password of the deployed netcapture miris API +netcapture_miris_user_pwd: "changeme" + # URL of the mirismanager to use for packages netcapture_mm_url: "mirismanager.example.com" # Activates the SSL verification when calling the Nudgis Manager -netcapture_mm_ssl: True +netcapture_mm_ssl: true ... diff --git a/roles/nudgis/netcapture/tasks/configure.yml b/roles/nudgis/netcapture/tasks/configure.yml new file mode 100644 index 0000000000000000000000000000000000000000..020c63612bcd2a1de252cb750eb4cdf2c803f378 --- /dev/null +++ b/roles/nudgis/netcapture/tasks/configure.yml 
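Review bot: `netcapture_miris_user_pwd: "changeme"` in defaults/main.yml ships a usable default credential: the `MIRIS API CONFIGURATION FILE` include in configure.yml gates only on `netcapture_miris_user_pwd is defined`, which a role default always satisfies, so a host whose inventory forgot the override gets an API whose password is printed in the README. Prefer no default here and guard the include with `when: netcapture_miris_user_pwd | d('') | length > 0`, or add an `ansible.builtin.assert` that the value is not `changeme` before the template runs.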
@@ -0,0 +1,14 @@ +--- + +- name: "MAIN NETCAPTURE CONFIGURATION FILE" + ansible.builtin.include_tasks: "configure/main-configure.yml" + when: + - netcapture_mm_url is defined + - netcapture_mm_ssl is defined + +- name: "MIRIS API CONFIGURATION FILE" + ansible.builtin.include_tasks: "configure/miris-configure.yml" + when: + - netcapture_miris_user_pwd is defined + +... diff --git a/roles/netcapture/tasks/configure/main-configure.yml b/roles/nudgis/netcapture/tasks/configure/main-configure.yml similarity index 79% rename from roles/netcapture/tasks/configure/main-configure.yml rename to roles/nudgis/netcapture/tasks/configure/main-configure.yml index e042eb39d8cf431a3165f8d37da634a388b2a9fe..0c967241b46f65e1eb30294c0b2a72acea57d6dc 100644 --- a/roles/netcapture/tasks/configure/main-configure.yml +++ b/roles/nudgis/netcapture/tasks/configure/main-configure.yml @@ -1,26 +1,26 @@ --- -- name: create netcapture config +- name: "Create netcapture config" ansible.builtin.template: src: netcapture.json.j2 dest: /etc/miris/netcapture.json mode: u=rw,g=r,o=r -- name: netcapture config dir +- name: "Netcapture config dir" ansible.builtin.file: path: "{{ netcapture_conf_folder }}" group: video mode: u=rwX,g=rwX,o=r state: directory -- name: netcapture media dir +- name: "Netcapture media dir" ansible.builtin.file: path: "{{ netcapture_media_folder }}" group: video mode: u=rwX,g=rwX,o=rx state: directory -- name: netcapture package dir +- name: "Netcapture package dir" ansible.builtin.file: path: "{{ netcapture_pkg_folder }}" mode: u=rwX,g=rwX,o=rx diff --git a/roles/nudgis/netcapture/tasks/configure/miris-configure.yml b/roles/nudgis/netcapture/tasks/configure/miris-configure.yml new file mode 100644 index 0000000000000000000000000000000000000000..219ab8e87e6b92a1846d30fa71897fb3deb48f2a --- /dev/null +++ b/roles/nudgis/netcapture/tasks/configure/miris-configure.yml 
@@ -0,0 +1,15 @@ +--- + +- name: "Check if miris api config exists" + ansible.builtin.stat: + path: "{{ netcapture_conf_folder }}/api.json" + register: miris_config_file + +- name: "Create netcapture miris api config" + ansible.builtin.template: + src: miris-api.json.j2 + dest: "{{ netcapture_conf_folder }}/api.json" + mode: u=rw,g=r,o=r + when: not miris_config_file.stat.exists + +... diff --git a/roles/netcapture/tasks/install.yml b/roles/nudgis/netcapture/tasks/install.yml similarity index 91% rename from roles/netcapture/tasks/install.yml rename to roles/nudgis/netcapture/tasks/install.yml index 6eefafc63dd25b44bc2d6cd266d7e0646060be69..7fdc5a1ada4c94aa515d55312c77fd857deca929 100644 --- a/roles/netcapture/tasks/install.yml +++ b/roles/nudgis/netcapture/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: netcapture install +- name: "Netcapture install" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/mediaworker/tasks/main.yml b/roles/nudgis/netcapture/tasks/main.yml similarity index 88% rename from roles/mediaworker/tasks/main.yml rename to roles/nudgis/netcapture/tasks/main.yml index 4ca9b1ce59bf99a101c275a40afab2c0fc69e94a..047755f65077226019358ebe4641af98757f2629 100644 --- a/roles/mediaworker/tasks/main.yml +++ b/roles/nudgis/netcapture/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/nudgis/netcapture/templates/miris-api.json.j2 b/roles/nudgis/netcapture/templates/miris-api.json.j2 new file mode 100644 index 0000000000000000000000000000000000000000..0f00edfaeb72a80887738f4a8f29cfadc9047c0f --- /dev/null +++ b/roles/nudgis/netcapture/templates/miris-api.json.j2 
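Review bot: `Create netcapture miris api config` writes the API password into `{{ netcapture_conf_folder }}/api.json` with `mode: u=rw,g=r,o=r`, which leaves the credential world-readable. Drop the other-read bit, `mode: u=rw,g=r,o=`, and set an explicit `owner`/`group` (main-configure.yml gives the folder `group: video`, so that is presumably the account that needs read access — confirm). Since the template only renders when the file does not exist, a later password change in inventory is silently not applied; a comment on the `when:` line such as `# only created once; rotate the password by removing api.json` would make that explicit.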
@@ -0,0 +1,4 @@ +{ + "auth_user_password": "{{ netcapture_miris_user_pwd }}", + "auth_enable": {% if netcapture_miris_auth %}true{% else %}false{% endif %} +} diff --git a/roles/netcapture/templates/netcapture.json.j2 b/roles/nudgis/netcapture/templates/netcapture.json.j2 similarity index 100% rename from roles/netcapture/templates/netcapture.json.j2 rename to roles/nudgis/netcapture/templates/netcapture.json.j2 diff --git a/roles/netcapture/vars/main.yml b/roles/nudgis/netcapture/vars/main.yml similarity index 73% rename from roles/netcapture/vars/main.yml rename to roles/nudgis/netcapture/vars/main.yml index c604e639f8beef1e930257db576023ee8dafbcf1..dbe0651a76c03d46d637c1e2392999fa0de0c7e2 100644 --- a/roles/netcapture/vars/main.yml +++ b/roles/nudgis/netcapture/vars/main.yml @@ -9,4 +9,7 @@ netcapture_conf_folder: "/etc/miris/conf" # Folder used to store the medias netcapture_media_folder: "/data/netcapture/media" +# Activates the authentication for the deployed netcapture miris API +netcapture_miris_auth: true + ... diff --git a/roles/nginx/README.md b/roles/nudgis/nginx/README.md similarity index 100% rename from roles/nginx/README.md rename to roles/nudgis/nginx/README.md diff --git a/roles/nginx/handlers/main.yml b/roles/nudgis/nginx/handlers/main.yml similarity index 75% rename from roles/nginx/handlers/main.yml rename to roles/nudgis/nginx/handlers/main.yml index b0abf18b3894fe1af147e0ca063f8e9e9a913d58..2345dd10ec33a598d84e650d34657538afe31606 100644 --- a/roles/nginx/handlers/main.yml +++ b/roles/nudgis/nginx/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: restart nginx +- name: "Restart nginx" ansible.builtin.systemd: name: nginx state: restarted diff --git a/roles/nginx/tasks/base.yml b/roles/nudgis/nginx/tasks/base.yml similarity index 73% rename from roles/nginx/tasks/base.yml rename to roles/nudgis/nginx/tasks/base.yml index a8d6adab1d831214277beb4d5c270aa195ace4b3..560638e4d54abae8ef84d5c0f9fabd60f966d195 100644 --- a/roles/nginx/tasks/base.yml 
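Review bot: `"auth_user_password": "{{ netcapture_miris_user_pwd }}"` interpolates the password into a JSON string without escaping, so a value containing `"` or `\` yields a file that is no longer valid JSON. Let the JSON filter do the quoting: `"auth_user_password": {{ netcapture_miris_user_pwd | to_json }},`. The same filter also replaces the `{% if %}` block on the next line: `"auth_enable": {{ netcapture_miris_auth | bool | to_json }}`.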
+++ b/roles/nudgis/nginx/tasks/base.yml @@ -1,7 +1,7 @@ --- -- name: nginx remove default vhost - notify: restart nginx +- name: "Nginx remove default vhost" + notify: "Restart nginx" loop: - /etc/nginx/sites-enabled/default - /etc/nginx/sites-enabled/default.conf @@ -10,15 +10,15 @@ state: absent # deploy self-signed (snakeoil certificates) -- name: nginx update ssl certificate conf - notify: restart nginx +- name: "Nginx update ssl certificate conf" + notify: "Restart nginx" ansible.builtin.lineinfile: path: /etc/nginx/conf.d/ssl_certificate.conf regexp: ssl_certificate\s+([\w/\-\_\.]+); line: ssl_certificate {{ nginx_ssl_certificate }}; -- name: nginx update ssl certificate key conf - notify: restart nginx +- name: "Nginx update ssl certificate key conf" + notify: "Restart nginx" ansible.builtin.lineinfile: path: /etc/nginx/conf.d/ssl_certificate.conf regexp: ssl_certificate_key\s+([\w/\-\_\.]+); diff --git a/roles/nginx/tasks/install.yml b/roles/nudgis/nginx/tasks/install.yml similarity index 93% rename from roles/nginx/tasks/install.yml rename to roles/nudgis/nginx/tasks/install.yml index f0125cb767bd270506fba9d0b92ef29e8e6d2b85..864f32e513fe21410c375bf363132ecd6dd99e33 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nudgis/nginx/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: nginx install +- name: "Nginx install" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/haproxy/tasks/main.yml b/roles/nudgis/nginx/tasks/main.yml similarity index 85% rename from roles/haproxy/tasks/main.yml rename to roles/nudgis/nginx/tasks/main.yml index 5489c96f5fdafb340fd2c1d566cb768977d6e6f9..0bb18f240f3c721004ecd393e94877e1cdc6dd0c 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/nudgis/nginx/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: 
@@ -10,7 +10,7 @@ tags: - always -- name: BASE CONFIGURATION +- name: "BASE CONFIGURATION" ansible.builtin.include_tasks: file: "base.yml" apply: diff --git a/roles/nginx/templates/realip.conf.j2 b/roles/nudgis/nginx/templates/realip.conf.j2 similarity index 100% rename from roles/nginx/templates/realip.conf.j2 rename to roles/nudgis/nginx/templates/realip.conf.j2 diff --git a/roles/nginx/vars/main.yml b/roles/nudgis/nginx/vars/main.yml similarity index 100% rename from roles/nginx/vars/main.yml rename to roles/nudgis/nginx/vars/main.yml diff --git a/roles/postgres/README.md b/roles/nudgis/postgres/README.md similarity index 85% rename from roles/postgres/README.md rename to roles/nudgis/postgres/README.md index 1863d6d68466f3135b833d78f5a46b40118fbe91..ec0d2aa16431492b0f7a18049c84c3cca2f90dee 100644 --- a/roles/postgres/README.md +++ b/roles/nudgis/postgres/README.md @@ -13,3 +13,8 @@ Available variables are listed below, along with the descriptions and the defaul ``` database_password: "changeit" ``` + +`repmgr_password`: [HA only] Password of the repmgr DB user (Optional) +``` +repmgr_password: "" +``` diff --git a/roles/postgres/defaults/main.yml b/roles/nudgis/postgres/defaults/main.yml similarity index 56% rename from roles/postgres/defaults/main.yml rename to roles/nudgis/postgres/defaults/main.yml index 6ab81de446a5c5eeb56a09e701ecef8f91892574..184b96c7ddaa98d11efb1b3f2ac01d48314a2d7b 100644 --- a/roles/postgres/defaults/main.yml +++ b/roles/nudgis/postgres/defaults/main.yml @@ -3,4 +3,7 @@ # Password for the postgres admin account database_password: "changeit" +# [HA only] Password of the repmgr DB user +repmgr_password: "" + ... diff --git a/roles/postgres/files/logrotate-postgresql b/roles/nudgis/postgres/files/logrotate-postgresql similarity index 100% rename from roles/postgres/files/logrotate-postgresql rename to roles/nudgis/postgres/files/logrotate-postgresql 
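Review bot: `repmgr_password: ""` in postgres defaults/main.yml documents the variable but leaves its meaning open — the place that consumes it is not in this hunk, and for a database-user module an empty string and an omitted password are not necessarily treated the same way. Say which one is intended in the comment, e.g. `# [HA only] Password of the repmgr DB user; empty means the user is created without a password`, or leave it undefined and apply `| d(omit)` at the point of use, as users.yml already does for `database_password`.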
diff --git a/roles/postgres/handlers/main.yml b/roles/nudgis/postgres/handlers/main.yml similarity index 55% rename from roles/postgres/handlers/main.yml rename to roles/nudgis/postgres/handlers/main.yml index 9fc74fcdb6c2904d6dd92b070e7895baa4537c8c..f9b3d19e35386a8986f2328911215c27a0457dc0 100644 --- a/roles/postgres/handlers/main.yml +++ b/roles/nudgis/postgres/handlers/main.yml @@ -1,10 +1,10 @@ --- -- name: restart postgresql +- name: "Restart postgresql" ansible.builtin.systemd: name: postgresql@{{ database_version }}-{{ database_cluster }} state: restarted -- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml ... diff --git a/roles/nudgis/postgres/tasks/base.yml b/roles/nudgis/postgres/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..5d89ff16980e1abc3e49508c5ce18c7b49d2c73a --- /dev/null +++ b/roles/nudgis/postgres/tasks/base.yml @@ -0,0 +1,11 @@ +--- + +- name: "BASE CONFIGURE POSTGRESQL LOGROTATE" + ansible.builtin.include_tasks: "base/logrotate.yml" + +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml + +- name: "Flush handlers" + ansible.builtin.meta: flush_handlers + +... diff --git a/roles/postgres/tasks/base/logrotate.yml b/roles/nudgis/postgres/tasks/base/logrotate.yml similarity index 83% rename from roles/postgres/tasks/base/logrotate.yml rename to roles/nudgis/postgres/tasks/base/logrotate.yml index 10d7be3deaff96cfe88c43765704057afdad8057..c1dc3f756489c955afddb7ceb692856d71feeb2b 100644 --- a/roles/postgres/tasks/base/logrotate.yml +++ b/roles/nudgis/postgres/tasks/base/logrotate.yml @@ -1,6 +1,6 @@ --- -- name: update logrotate config +- name: "Update logrotate config" ansible.builtin.copy: src: logrotate-postgresql dest: /etc/logrotate.d/postgresql-common 
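Review bot: The `ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml` entry in the new postgres tasks/base.yml is the only unnamed task in the file, while postgres_ha/tasks/base.yml added in the same commit names the identical import `"BASE CONFIGURE FIREWALL RULES"`. Give it the same name here so the two roles read alike and the file stays lint-clean without relying on the `name[missing]` skip.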
diff --git a/roles/postgres/tasks/configure.yml b/roles/nudgis/postgres/tasks/configure.yml similarity index 58% rename from roles/postgres/tasks/configure.yml rename to roles/nudgis/postgres/tasks/configure.yml index 5d2cf0f1ada0c9258f2d5ee90a701e7f14d4c381..fbf417c8509594254693dc1d8839f566a5f04790 100644 --- a/roles/postgres/tasks/configure.yml +++ b/roles/nudgis/postgres/tasks/configure.yml @@ -1,24 +1,24 @@ --- # Configurartions files must stay here even without variables -# This role can be called from postgres-ha (with configure tag) with custom variables +# This role can be called from postgres_ha (with configure tag) with custom variables -- name: CONFIGURE POSTGRESQL CUSTOM SETTINGS +- name: "CONFIGURE POSTGRESQL CUSTOM SETTINGS" ansible.builtin.include_tasks: "configure/custom-settings.yml" -- name: CONFIGURE POSTGRESQL EXTERNAL AUTHENTICATIONS +- name: "CONFIGURE POSTGRESQL EXTERNAL AUTHENTICATIONS" ansible.builtin.include_tasks: "configure/authentication.yml" -- name: CONFIGURE POSTGRESQL INTERNAL USERS +- name: "CONFIGURE POSTGRESQL INTERNAL USERS" ansible.builtin.include_tasks: "configure/users.yml" when: - database_password is defined -- name: CREATE POSTGRESQL DATABASES +- name: "CREATE POSTGRESQL DATABASES" ansible.builtin.include_tasks: "configure/databases.yml" # Flush to restart postgresql in time for HA deployment -- name: Flush handlers - meta: flush_handlers +- name: "Flush handlers" + ansible.builtin.meta: flush_handlers ... diff --git a/roles/postgres/tasks/configure/authentication.yml b/roles/nudgis/postgres/tasks/configure/authentication.yml similarity index 73% rename from roles/postgres/tasks/configure/authentication.yml rename to roles/nudgis/postgres/tasks/configure/authentication.yml index 39fab0029e9af3662ec0939364d255857fda3738..d8b7f854f2cb7fc67c64b43223f3c66429ac75e2 100644 --- a/roles/postgres/tasks/configure/authentication.yml +++ b/roles/nudgis/postgres/tasks/configure/authentication.yml 
@@ -1,7 +1,7 @@ --- -- name: configure authentication - notify: restart postgresql +- name: "Configure authentication" + notify: "Restart postgresql" ansible.builtin.template: src: pg_hba.conf.j2 dest: "{{ database_conf_dir }}/pg_hba.conf" diff --git a/roles/postgres/tasks/configure/custom-settings.yml b/roles/nudgis/postgres/tasks/configure/custom-settings.yml similarity index 79% rename from roles/postgres/tasks/configure/custom-settings.yml rename to roles/nudgis/postgres/tasks/configure/custom-settings.yml index 19dafc34064c083a0d3e45ceb514c8fc11b54116..8f63c1ce44b0ba6726c1fc5fdfcec6cc0be074cc 100644 --- a/roles/postgres/tasks/configure/custom-settings.yml +++ b/roles/nudgis/postgres/tasks/configure/custom-settings.yml @@ -1,7 +1,7 @@ --- -- name: configure custom settings - notify: restart postgresql +- name: "Configure custom settings" + notify: "Restart postgresql" when: item.content | d(false) ansible.builtin.copy: dest: "{{ database_conf_dir }}/conf.d/{{ item.name }}.conf" diff --git a/roles/postgres/tasks/configure/databases.yml b/roles/nudgis/postgres/tasks/configure/databases.yml similarity index 87% rename from roles/postgres/tasks/configure/databases.yml rename to roles/nudgis/postgres/tasks/configure/databases.yml index f5424435156109399981c460e34bfe45e8292c4a..20f5c3d7c18d7841adce6d33b8fc603e55e99a55 100644 --- a/roles/postgres/tasks/configure/databases.yml +++ b/roles/nudgis/postgres/tasks/configure/databases.yml @@ -1,6 +1,6 @@ --- -- name: create databases +- name: "Create databases" become: true become_user: postgres loop: "{{ database_databases }}" diff --git a/roles/postgres/tasks/configure/users.yml b/roles/nudgis/postgres/tasks/configure/users.yml similarity index 87% rename from roles/postgres/tasks/configure/users.yml rename to roles/nudgis/postgres/tasks/configure/users.yml index 42dbcc01311cd0f825d0760308acc04b6b1c93f9..8fc61084376e67feb0845d2276ab1e039cf4737e 100644 --- a/roles/postgres/tasks/configure/users.yml 
+++ b/roles/nudgis/postgres/tasks/configure/users.yml @@ -1,6 +1,6 @@ --- -- name: set superuser password +- name: "Set superuser password" become: true become_user: postgres no_log: true @@ -8,7 +8,7 @@ name: postgres password: "{{ database_password | d(omit) }}" -- name: manage users +- name: "Manage users" become: true become_user: postgres no_log: true @@ -20,7 +20,7 @@ priv: "{{ item.priv | d(omit) }}" role_attr_flags: "{{ item.roles | d(omit) }}" -- name: set .pgpass to allow passwordless connection +- name: "Set .pgpass to allow passwordless connection" loop: "{{ query('nested', ['root', 'postgres'], database_users) }}" ansible.builtin.blockinfile: path: ~{{ item.0 }}/.pgpass diff --git a/roles/postgres/tasks/install.yml b/roles/nudgis/postgres/tasks/install.yml similarity index 91% rename from roles/postgres/tasks/install.yml rename to roles/nudgis/postgres/tasks/install.yml index f43a8cd47931284ab9ce4b22e644697f10717227..4308d280fb68a9cddf5cc242394dd5798064df8f 100644 --- a/roles/postgres/tasks/install.yml +++ b/roles/nudgis/postgres/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install packages +- name: "Install packages" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/nudgis/postgres/tasks/main.yml b/roles/nudgis/postgres/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 --- /dev/null +++ b/roles/nudgis/postgres/tasks/main.yml @@ -0,0 +1,33 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... 
diff --git a/roles/postgres/templates/pg_hba.conf.j2 b/roles/nudgis/postgres/templates/pg_hba.conf.j2 similarity index 100% rename from roles/postgres/templates/pg_hba.conf.j2 rename to roles/nudgis/postgres/templates/pg_hba.conf.j2 diff --git a/roles/postgres/vars/main.yml b/roles/nudgis/postgres/vars/main.yml similarity index 100% rename from roles/postgres/vars/main.yml rename to roles/nudgis/postgres/vars/main.yml diff --git a/roles/nudgis/postgres_ha/README.md b/roles/nudgis/postgres_ha/README.md new file mode 100644 index 0000000000000000000000000000000000000000..d5126427a30ae893c5e426ac846b3351a3c33f47 --- /dev/null +++ b/roles/nudgis/postgres_ha/README.md @@ -0,0 +1,4 @@ +# Postgres_ha +## Description + +Override the postgres role with High availibility elements diff --git a/roles/postgres-ha/defaults/main.yml b/roles/nudgis/postgres_ha/defaults/main.yml similarity index 100% rename from roles/postgres-ha/defaults/main.yml rename to roles/nudgis/postgres_ha/defaults/main.yml diff --git a/roles/postgres-ha/handlers/main.yml b/roles/nudgis/postgres_ha/handlers/main.yml similarity index 65% rename from roles/postgres-ha/handlers/main.yml rename to roles/nudgis/postgres_ha/handlers/main.yml index bded77908b93172f841abb386e9d33243a3a45b6..25999a51fd846e7e224ffd07e2bf50b63f2f68c8 100644 --- a/roles/postgres-ha/handlers/main.yml +++ b/roles/nudgis/postgres_ha/handlers/main.yml 
@@ -1,24 +1,24 @@ --- -- name: reload systemd +- name: "Reload systemd" ansible.builtin.systemd: daemon_reload: true -- name: restart postgresql +- name: "Restart postgresql" ansible.builtin.systemd: name: postgresql@{{ repmgr_database_version }}-{{ repmgr_database_cluster }} state: restarted -- name: restart repmgrd +- name: "Restart repmgrd" ansible.builtin.systemd: name: repmgrd state: restarted -- name: restart rephacheck +- name: "Restart rephacheck" ansible.builtin.systemd: name: rephacheck.socket state: restarted -- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml ... diff --git a/roles/nudgis/postgres_ha/tasks/base.yml b/roles/nudgis/postgres_ha/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..48d4a24d988f1e35eec65aebe22a9558b48b68cf --- /dev/null +++ b/roles/nudgis/postgres_ha/tasks/base.yml @@ -0,0 +1,18 @@ +--- + +- name: "BASE CONFIGURE REPGMR" + ansible.builtin.include_tasks: "base/repmgr.yml" + +- name: "BASE CONFIGURE SWAPPINESS" + ansible.builtin.include_tasks: "base/swappiness.yml" + +- name: "BASE CONFIGURE REPHACHECK" + ansible.builtin.include_tasks: "base/rephacheck.yml" + +- name: "BASE CONFIGURE FIREWALL RULES" + ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml + +- name: "Flush handlers" + ansible.builtin.meta: flush_handlers + +... diff --git a/roles/postgres-ha/tasks/base/rephacheck.yml b/roles/nudgis/postgres_ha/tasks/base/rephacheck.yml similarity index 77% rename from roles/postgres-ha/tasks/base/rephacheck.yml rename to roles/nudgis/postgres_ha/tasks/base/rephacheck.yml index 7a54dad0f7ad240c7d4bc148fed76c74b40aa653..717370fc6ee86082e3317a8c9d131ed326d7aebc 100644 --- a/roles/postgres-ha/tasks/base/rephacheck.yml +++ b/roles/nudgis/postgres_ha/tasks/base/rephacheck.yml 
@@ -1,17 +1,17 @@ --- -- name: install rephacheck +- name: "Install rephacheck" ansible.builtin.template: src: rephacheck.py.j2 dest: /usr/bin/rephacheck mode: "0755" -- name: register variables needed by rephacheck as facts +- name: "Register variables needed by rephacheck as facts" ansible.builtin.set_fact: repmgr_node_name: "{{ repmgr_node_name }}" repmgr_node_id: "{{ repmgr_node_id }}" -- name: configure rephacheck +- name: "Configure rephacheck" ansible.builtin.template: src: rephacheck.conf.j2 dest: /etc/postgresql/{{ repmgr_database_version }}/{{ repmgr_database_cluster }}/rephacheck.conf @@ -19,10 +19,10 @@ group: postgres mode: "0644" -- name: configure rephacheck socket +- name: "Configure rephacheck socket" notify: - - reload systemd - - restart rephacheck + - "Reload systemd" + - "Restart rephacheck" ansible.builtin.copy: dest: /etc/systemd/system/rephacheck.socket mode: "644" @@ -37,10 +37,10 @@ [Install] WantedBy=sockets.target -- name: configure rephacheck service +- name: "Configure rephacheck service" notify: - - reload systemd - - restart rephacheck + - "Reload systemd" + - "Restart rephacheck" ansible.builtin.copy: dest: /etc/systemd/system/rephacheck@.service mode: "644" @@ -54,7 +54,7 @@ User=postgres Group=postgres -- name: enable and start rephacheck +- name: "Enable and start rephacheck" ansible.builtin.service: name: rephacheck.socket state: started diff --git a/roles/postgres-ha/tasks/base/repmgr.yml b/roles/nudgis/postgres_ha/tasks/base/repmgr.yml similarity index 87% rename from roles/postgres-ha/tasks/base/repmgr.yml rename to roles/nudgis/postgres_ha/tasks/base/repmgr.yml index 5902c272247d81ea1b61a6aea299800048684c84..88483e34b0c03cd880c1552538bf11e082dca4e3 100644 --- a/roles/postgres-ha/tasks/base/repmgr.yml +++ b/roles/nudgis/postgres_ha/tasks/base/repmgr.yml 
@@ -1,7 +1,7 @@ --- -- name: configure repmgr - notify: restart repmgrd +- name: "Configure repmgr" + notify: "Restart repmgrd" ansible.builtin.template: src: repmgr.conf.j2 dest: "{{ repmgr_conf_file }}" @@ -9,8 +9,8 @@ group: postgres mode: "644" -- name: configure debian default - notify: restart repmgrd +- name: "Configure debian default" + notify: "Restart repmgrd" loop: - key: REPMGRD_ENABLED value: "yes" @@ -21,7 +21,7 @@ regexp: ^#?{{ item.key }}=.*$ replace: "{{ item.key }}={{ item.value }}" -- name: configure sudo +- name: "Configure sudo" ansible.builtin.copy: dest: /etc/sudoers.d/postgres validate: visudo -cf %s diff --git a/roles/postgres-ha/tasks/base/swappiness.yml b/roles/nudgis/postgres_ha/tasks/base/swappiness.yml similarity index 95% rename from roles/postgres-ha/tasks/base/swappiness.yml rename to roles/nudgis/postgres_ha/tasks/base/swappiness.yml index c163eda5f860cee8259f6b939d768a54d52258fc..705dc4cf99976ccd9fb7f9d01bf559025186d1d7 100644 --- a/roles/postgres-ha/tasks/base/swappiness.yml +++ b/roles/nudgis/postgres_ha/tasks/base/swappiness.yml @@ -1,6 +1,6 @@ --- -- name: configure swappiness +- name: "Configure swappiness" ansible.builtin.copy: dest: /etc/sysctl.d/40-swappiness.conf owner: "root" diff --git a/roles/postgres-ha/tasks/configure.yml b/roles/nudgis/postgres_ha/tasks/configure.yml similarity index 61% rename from roles/postgres-ha/tasks/configure.yml rename to roles/nudgis/postgres_ha/tasks/configure.yml index 0a10554bfab73bc4a600d4c77fc9962ec1c58c8e..432350e10fa809472fd9a48650c91b000b58705d 100644 --- a/roles/postgres-ha/tasks/configure.yml +++ b/roles/nudgis/postgres_ha/tasks/configure.yml 
@@ -1,21 +1,21 @@ --- -- name: CONFIGURE POSTGRESQL-HA +- name: "CONFIGURE POSTGRESQL-HA" ansible.builtin.include_tasks: "configure/postgres-role.yml" -- name: CONFIGURE SSH BETWEEN SERVERS +- name: "CONFIGURE SSH BETWEEN SERVERS" ansible.builtin.include_tasks: "configure/ssh-key.yml" -- name: CONFIGURE POSTGRESQL PRIMARY NODE +- name: "CONFIGURE POSTGRESQL PRIMARY NODE" ansible.builtin.include_tasks: "configure/register-primary.yml" -- name: CONFIGURE POSTGRESQL STANDBY NODE +- name: "CONFIGURE POSTGRESQL STANDBY NODE" ansible.builtin.include_tasks: "configure/register-standby.yml" -- name: CONFIGURE POSTGRESQL WITNESS NODE +- name: "CONFIGURE POSTGRESQL WITNESS NODE" ansible.builtin.include_tasks: "configure/register-witness.yml" -- name: flush handlers +- name: "Flush handlers" ansible.builtin.meta: flush_handlers ... diff --git a/roles/postgres-ha/tasks/configure/postgres-role.yml b/roles/nudgis/postgres_ha/tasks/configure/postgres-role.yml similarity index 92% rename from roles/postgres-ha/tasks/configure/postgres-role.yml rename to roles/nudgis/postgres_ha/tasks/configure/postgres-role.yml index 0f74513bdf3a15647e63e0807ca4bfb6097b82b3..6d4a2171ad4bd2f84893bd852ffd6b55ecd0456e 100644 --- a/roles/postgres-ha/tasks/configure/postgres-role.yml +++ b/roles/nudgis/postgres_ha/tasks/configure/postgres-role.yml @@ -1,6 +1,6 @@ --- -- name: postgresql +- name: "Postgresql" vars: database_host_authentification: - type: local @@ -29,10 +29,10 @@ database: replication address: ::/0 database_conf: - - name: main + - name: "Main" content: | listen_addresses = '*' - - name: modules + - name: "Modules" content: | shared_preload_libraries = 'repmgr' database_users: @@ -43,6 +43,6 @@ - name: "{{ repmgr_database }}" owner: "{{ repmgr_user }}" ansible.builtin.include_role: - name: postgres + name: nudgis/postgres ... 
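Review bot: Renaming the `database_conf` entries in postgres-role.yml from `main`/`modules` to `"Main"`/`"Modules"` changes more than a label: custom-settings.yml writes each entry to `{{ database_conf_dir }}/conf.d/{{ item.name }}.conf`, so after this commit the settings land in `Main.conf` and `Modules.conf` while the previously deployed `main.conf`/`modules.conf` stay in place with the same `listen_addresses` and `shared_preload_libraries` directives, and nothing removes them. The casing lint rule applies to task names, not to data values; keep `- name: main` and `- name: modules` and rename only the task (`"Postgresql"`).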
diff --git a/roles/postgres-ha/tasks/configure/register-primary.yml b/roles/nudgis/postgres_ha/tasks/configure/register-primary.yml similarity index 51% rename from roles/postgres-ha/tasks/configure/register-primary.yml rename to roles/nudgis/postgres_ha/tasks/configure/register-primary.yml index 88e4a499df7988c7b6404296a671e3949b643ec4..b934291811070aa9e689c12d51ba738cbc94e578 100644 --- a/roles/postgres-ha/tasks/configure/register-primary.yml +++ b/roles/nudgis/postgres_ha/tasks/configure/register-primary.yml @@ -1,12 +1,9 @@ --- -- name: setup primary - when: > - (database_role is defined and database_role == "primary") or - (database_role is undefined and inventory_hostname == groups['postgres'][0]) or - (database_role is defined and database_role == "" and inventory_hostname == groups['postgres'][0]) +- name: "Setup primary" + when: inventory_hostname == groups['postgres'][0] block: - - name: check if primary already joined + - name: "Check if primary already joined" become: true become_user: postgres register: repmgr_check_primary @@ -14,15 +11,15 @@ db: repmgr query: SELECT 1 FROM pg_tables WHERE tablename='nodes' - - name: register primary + - name: "Register primary" become: true become_user: postgres changed_when: true when: repmgr_check_primary.query_result | length == 0 - notify: restart repmgrd + notify: "Restart repmgrd" ansible.builtin.command: cmd: repmgr --config-file={{ repmgr_conf_file }} primary register -- ansible.builtin.meta: flush_handlers # noqa name[missing] +- ansible.builtin.meta: flush_handlers ... diff --git a/roles/postgres-ha/tasks/configure/register-standby.yml b/roles/nudgis/postgres_ha/tasks/configure/register-standby.yml similarity index 75% rename from roles/postgres-ha/tasks/configure/register-standby.yml rename to roles/nudgis/postgres_ha/tasks/configure/register-standby.yml index 1c1a7ec03b673be5ea2c148daf187a2c508592e3..cdeaefb25bd35204d53f7e395c95e88a46d37e56 100644 
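Review bot: The new `when: inventory_hostname == groups['postgres'][0]` drops the `database_role` override the old condition honoured, so a node can no longer be pinned as primary independently of its position in the `postgres` group; register-standby.yml and register-witness.yml make the same change for `[1]` and `[2]`. Any inventory still setting `database_role` is now silently ignored, and if the variable is still declared in postgres_ha/defaults/main.yml (renamed unchanged in this commit) it is dead there — confirm. If the override is intentionally retired, document the removal; otherwise keep it in one line, `when: (database_role | d('')) == 'primary' or (database_role | d('') == '' and inventory_hostname == groups['postgres'][0])`.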
--- a/roles/postgres-ha/tasks/configure/register-standby.yml +++ b/roles/nudgis/postgres_ha/tasks/configure/register-standby.yml @@ -1,12 +1,9 @@ --- -- name: setup standby - when: > - (database_role is defined and database_role == "standby") or - (database_role is undefined and inventory_hostname == groups['postgres'][1]) or - (database_role is defined and database_role == "" and inventory_hostname == groups['postgres'][1]) +- name: "Setup standby" + when: inventory_hostname == groups['postgres'][1] block: - - name: check if standby already joined + - name: "Check if standby already joined" become: true become_user: postgres register: repmgr_check_standby @@ -14,19 +11,19 @@ db: repmgr query: SELECT 1 FROM pg_tables WHERE tablename='nodes' - - name: stop postgresql service + - name: "Stop postgresql service" when: repmgr_check_standby.query_result | length == 0 ansible.builtin.systemd: name: postgresql@{{ repmgr_database_version }}-{{ repmgr_database_cluster }} state: stopped - - name: remove existing pgdata + - name: "Remove existing pgdata" when: repmgr_check_standby.query_result | length == 0 ansible.builtin.command: cmd: mv -vf {{ repmgr_database_data_dir }} {{ repmgr_database_data_dir }}.save removes: "{{ repmgr_database_data_dir }}" - - name: clone from primary to standby + - name: "Clone from primary to standby" become: true become_user: postgres changed_when: true 
@@ -45,43 +42,43 @@ --pgdata={{ repmgr_database_data_dir }} \ standby clone --fast-checkpoint - - name: remove pgdata backup + - name: "Remove pgdata backup" when: repmgr_clone_standby is succeeded ansible.builtin.file: path: "{{ repmgr_database_data_dir }}.save" state: absent - - name: remove failed clone pgdata + - name: "Remove failed clone pgdata" when: repmgr_clone_standby is failed ansible.builtin.file: path: "{{ repmgr_database_data_dir }}" state: absent - - name: restore pgdata backup + - name: "Restore pgdata backup" when: repmgr_clone_standby is failed ansible.builtin.command: cmd: mv -vf {{ repmgr_database_data_dir }}.save {{ repmgr_database_data_dir }} removes: "{{ repmgr_database_data_dir }}.save" - - name: start postgresql service + - name: "Start postgresql service" ansible.builtin.systemd: name: postgresql@{{ repmgr_database_version }}-{{ repmgr_database_cluster }} state: started - - name: standby clone failed + - name: "Standby clone failed" when: repmgr_clone_standby is failed ansible.builtin.fail: msg: "{{ repmgr_clone_standby.stderr }}" - - name: register standby + - name: "Register standby" become: true become_user: postgres changed_when: true when: repmgr_check_standby.query_result | length == 0 - notify: restart repmgrd + notify: "Restart repmgrd" ansible.builtin.command: cmd: repmgr --config-file={{ repmgr_conf_file }} standby register -- ansible.builtin.meta: flush_handlers # noqa name[missing] +- ansible.builtin.meta: flush_handlers ... diff --git a/roles/postgres-ha/tasks/configure/register-witness.yml b/roles/nudgis/postgres_ha/tasks/configure/register-witness.yml similarity index 52% rename from roles/postgres-ha/tasks/configure/register-witness.yml rename to roles/nudgis/postgres_ha/tasks/configure/register-witness.yml index c64039f287c3b05d5e60d094af86cb82510ffc20..259720fd6f98e11bf03d8ee7f8e09cfe90a38abb 100644 --- a/roles/postgres-ha/tasks/configure/register-witness.yml 
+++ b/roles/nudgis/postgres_ha/tasks/configure/register-witness.yml @@ -1,12 +1,9 @@ --- -- name: setup witness - when: > - (database_role is defined and database_role == "witness") or - (database_role is undefined and inventory_hostname == groups['postgres'][2]) or - (database_role is defined and database_role == "" and inventory_hostname == groups['postgres'][2]) +- name: "Setup witness" + when: inventory_hostname == groups['postgres'][2] block: - - name: check if witness already joined + - name: "Check if witness already joined" become: true become_user: postgres register: repmgr_check_witness @@ -14,15 +11,15 @@ db: repmgr query: SELECT 1 FROM pg_tables WHERE tablename='nodes' - - name: register witness + - name: "Register witness" become: true become_user: postgres changed_when: true when: repmgr_check_witness.query_result | length == 0 - notify: restart repmgrd + notify: "Restart repmgrd" ansible.builtin.command: cmd: repmgr --config-file={{ repmgr_conf_file }} --host={{ repmgr_primary_node }} witness register -- ansible.builtin.meta: flush_handlers # noqa name[missing] +- ansible.builtin.meta: flush_handlers ... diff --git a/roles/postgres-ha/tasks/configure/ssh-key.yml b/roles/nudgis/postgres_ha/tasks/configure/ssh-key.yml similarity index 73% rename from roles/postgres-ha/tasks/configure/ssh-key.yml rename to roles/nudgis/postgres_ha/tasks/configure/ssh-key.yml index 6236354b6942aaad7f14c0961722fd69ace5298d..9626e3136e51ed12146c3cde175253daf44aa9b6 100644 --- a/roles/postgres-ha/tasks/configure/ssh-key.yml +++ b/roles/nudgis/postgres_ha/tasks/configure/ssh-key.yml 
@@ -1,28 +1,28 @@ --- -- name: ensure postgres account have a ssh keypair +- name: "Ensure postgres account have a ssh keypair" ansible.builtin.user: name: postgres generate_ssh_key: true ssh_key_type: ed25519 ssh_key_file: ~postgres/.ssh/id_ed25519 -- name: fetch postgres ssh public key +- name: "Fetch postgres ssh public key" register: repmgr_postgres_ssh_pubkey ansible.builtin.slurp: path: ~postgres/.ssh/id_ed25519.pub -- name: register postgres ssh public key as an ansible fact +- name: "Register postgres ssh public key as an ansible fact" ansible.builtin.set_fact: pubkey: "{{ repmgr_postgres_ssh_pubkey['content'] | b64decode }}" -- name: share postgres ssh public key between cluster members +- name: "Share postgres ssh public key between cluster members" loop: "{{ groups['postgres'] }}" ansible.posix.authorized_key: user: postgres key: "{{ hostvars[item]['pubkey'] }}" -- name: postgres ssh client configuration +- name: "Postgres ssh client configuration" ansible.builtin.copy: dest: ~postgres/.ssh/config owner: postgres diff --git a/roles/postgres-ha/tasks/install.yml b/roles/nudgis/postgres_ha/tasks/install.yml similarity index 91% rename from roles/postgres-ha/tasks/install.yml rename to roles/nudgis/postgres_ha/tasks/install.yml index 24cfbec887d76901cfce8a1c97dbddac0e6007ef..34e6055b5a70ebbabcda20cd4b2e7c80989af1ba 100644 --- a/roles/postgres-ha/tasks/install.yml +++ b/roles/nudgis/postgres_ha/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install packages +- name: "Install packages" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/nudgis/postgres_ha/tasks/main.yml b/roles/nudgis/postgres_ha/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 --- /dev/null +++ b/roles/nudgis/postgres_ha/tasks/main.yml 
@@ -0,0 +1,33 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... diff --git a/roles/postgres-ha/templates/rephacheck.conf.j2 b/roles/nudgis/postgres_ha/templates/rephacheck.conf.j2 similarity index 100% rename from roles/postgres-ha/templates/rephacheck.conf.j2 rename to roles/nudgis/postgres_ha/templates/rephacheck.conf.j2 diff --git a/roles/postgres-ha/templates/rephacheck.py.j2 b/roles/nudgis/postgres_ha/templates/rephacheck.py.j2 similarity index 100% rename from roles/postgres-ha/templates/rephacheck.py.j2 rename to roles/nudgis/postgres_ha/templates/rephacheck.py.j2 diff --git a/roles/postgres-ha/templates/repmgr.conf.j2 b/roles/nudgis/postgres_ha/templates/repmgr.conf.j2 similarity index 100% rename from roles/postgres-ha/templates/repmgr.conf.j2 rename to roles/nudgis/postgres_ha/templates/repmgr.conf.j2 diff --git a/roles/postgres-ha/vars/main.yml b/roles/nudgis/postgres_ha/vars/main.yml similarity index 89% rename from roles/postgres-ha/vars/main.yml rename to roles/nudgis/postgres_ha/vars/main.yml index 6dadc0ad4419124e72e76aa8012a530d001e04f8..ac6ebc76e0a54daef0b0bbbfcbe5408cd07c5c8e 100644 --- a/roles/postgres-ha/vars/main.yml +++ b/roles/nudgis/postgres_ha/vars/main.yml 
@@ -1,8 +1,5 @@ --- -# [HA only] Define database role on this host. Possible values: primary, standby or witness (first server of "postgres" group is primary, second "standby" and the third is "witness" automagically) -database_role: "" - # [HA only] Conninfo parameter populated in the repmgr configuration file repmgr_conninfo: "host={{ ansible_default_ipv4.address }} dbname={{ repmgr_database }} user={{ repmgr_user }} connect_timeout={{ repmgr_timeout }}" diff --git a/roles/shared/files/nftables/apt-cacher.nft b/roles/nudgis/shared/files/nftables/apt-cacher.nft similarity index 100% rename from roles/shared/files/nftables/apt-cacher.nft rename to roles/nudgis/shared/files/nftables/apt-cacher.nft diff --git a/roles/shared/files/nftables/celerity.nft b/roles/nudgis/shared/files/nftables/celerity.nft similarity index 100% rename from roles/shared/files/nftables/celerity.nft rename to roles/nudgis/shared/files/nftables/celerity.nft diff --git a/roles/shared/files/nftables/ftp.nft b/roles/nudgis/shared/files/nftables/ftp.nft similarity index 100% rename from roles/shared/files/nftables/ftp.nft rename to roles/nudgis/shared/files/nftables/ftp.nft diff --git a/roles/shared/files/nftables/http.nft b/roles/nudgis/shared/files/nftables/http.nft similarity index 100% rename from roles/shared/files/nftables/http.nft rename to roles/nudgis/shared/files/nftables/http.nft diff --git a/roles/shared/files/nftables/munin-node.nft b/roles/nudgis/shared/files/nftables/munin-node.nft similarity index 100% rename from roles/shared/files/nftables/munin-node.nft rename to roles/nudgis/shared/files/nftables/munin-node.nft diff --git a/roles/shared/files/nftables/postgres.nft b/roles/nudgis/shared/files/nftables/postgres.nft similarity index 100% rename from roles/shared/files/nftables/postgres.nft rename to roles/nudgis/shared/files/nftables/postgres.nft 
diff --git a/roles/shared/files/nftables/rephacheck.nft b/roles/nudgis/shared/files/nftables/rephacheck.nft similarity index 100% rename from roles/shared/files/nftables/rephacheck.nft rename to roles/nudgis/shared/files/nftables/rephacheck.nft diff --git a/roles/shared/files/nftables/rtmp.nft b/roles/nudgis/shared/files/nftables/rtmp.nft similarity index 100% rename from roles/shared/files/nftables/rtmp.nft rename to roles/nudgis/shared/files/nftables/rtmp.nft diff --git a/roles/shared/handlers/celerity.yml b/roles/nudgis/shared/handlers/celerity.yml similarity index 69% rename from roles/shared/handlers/celerity.yml rename to roles/nudgis/shared/handlers/celerity.yml index 8b10bf7f7a1a79f73fe08402fe76727fcc32ce4e..d566c3748be19aba54397c53ec1f3dbe3da79ea4 100644 --- a/roles/shared/handlers/celerity.yml +++ b/roles/nudgis/shared/handlers/celerity.yml @@ -1,10 +1,10 @@ --- -- name: restart celerity-server +- name: "Restart celerity-server" ansible.builtin.service: name: celerity-server state: restarted -- name: restart celerity-workers +- name: "Restart celerity-workers" ansible.builtin.service: name: celerity-workers state: restarted diff --git a/roles/nudgis/shared/handlers/munin-node.yml b/roles/nudgis/shared/handlers/munin-node.yml new file mode 100644 index 0000000000000000000000000000000000000000..8a1b96d43d9f14dd1bab197a3db0aac5e8e23c03 --- /dev/null +++ b/roles/nudgis/shared/handlers/munin-node.yml 
@@ -0,0 +1,25 @@ +--- + +# Order here is important +- name: "Gather the package facts" + ansible.builtin.package_facts: + manager: auto + listen: "Configure and restart munin-node" + +- name: "Setup munin-node plugins link" # noqa: risky-shell-pipe + ansible.builtin.shell: + munin-node-configure --shell --remove-also 2>&1 | sh -x + # sh -x print executed cmd to stderr + register: munin_plugin_linked + changed_when: munin_plugin_linked.stderr | length > 0 + when: "'munin-node' in ansible_facts.packages" + listen: "Configure and restart munin-node" + +- name: "Restart munin-node service" + ansible.builtin.service: + name: munin-node + state: restarted + when: "'munin-node' in ansible_facts.packages" + listen: "Configure and restart munin-node" + +... diff --git a/roles/shared/handlers/nftables.yml b/roles/nudgis/shared/handlers/nftables.yml similarity index 74% rename from roles/shared/handlers/nftables.yml rename to roles/nudgis/shared/handlers/nftables.yml index d9e14f1e00341873ec8cdd56ee7da05e1429a2fc..aafb8cbb2a46b00a88e38880155bb456cb0bf47c 100644 --- a/roles/shared/handlers/nftables.yml +++ b/roles/nudgis/shared/handlers/nftables.yml @@ -1,6 +1,6 @@ --- -- name: reload nftables +- name: "Reload nftables" ansible.builtin.systemd: name: nftables state: reloaded diff --git a/roles/shared/tasks/firewall_rules_files.yml b/roles/nudgis/shared/tasks/firewall_rules_files.yml similarity index 70% rename from roles/shared/tasks/firewall_rules_files.yml rename to roles/nudgis/shared/tasks/firewall_rules_files.yml index afd2948a3f85dd9cd017bce725acc1bde86fdf26..0591e22dcf00463965e310e5ba58f789b1f4b507 100644 --- a/roles/shared/tasks/firewall_rules_files.yml +++ b/roles/nudgis/shared/tasks/firewall_rules_files.yml 
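Review bot: In "Setup munin-node plugins link", `2>&1` merges munin-node-configure's own diagnostics into the stream that `sh -x` executes, and without `pipefail` a failing munin-node-configure still leaves the handler green because `sh` exits 0 on empty input. Consider `ansible.builtin.shell: set -o pipefail; munin-node-configure --shell --remove-also | sh -x` with `args: executable: /bin/bash`, which would also let the `# noqa: risky-shell-pipe` marker go. Since `changed_when` keys on stderr, where `sh -x` writes its trace, any munin-node-configure warning reaching stderr would then read as a change; keying on the trace prefix instead, `changed_when: "'+ ' in munin_plugin_linked.stderr"`, keeps the signal specific. The "Order here is important" comment would be clearer if it said why: the package facts gathered by the first handler are what the two `when:` clauses read.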
@@ -1,8 +1,7 @@ --- -- name: Add the firewall rule(s) - when: "'firewall' in group_names" - notify: reload nftables +- name: "Add the firewall rule(s)" + notify: "Reload nftables" ansible.builtin.copy: src: "../../shared/files/nftables/{{ item }}.nft" dest: "/etc/nftables.d/" diff --git a/roles/mediaworker/README.md b/roles/nudgis/task_management/client/README.md similarity index 86% rename from roles/mediaworker/README.md rename to roles/nudgis/task_management/client/README.md index 77e922032e8c4f6ac4de683949d00292c8d327fb..4c0710e3828fbe310100e1f07b8f422120d3db8c 100644 --- a/roles/mediaworker/README.md +++ b/roles/nudgis/task_management/client/README.md @@ -1,7 +1,7 @@ -# Mediaworker +# Task_management_client ## Description -The mediaorker group is used to configure the hosts treat the transcoding tasks. +The task_management_client group is used to configure the hosts treat the transcoding tasks (celerity worker). * In a standard UbiCast case, the host is a dedicated server * In a HA UbiCast case, it is usually a cluster of two (or more) dedicated servers diff --git a/roles/mediaworker/defaults/main.yml b/roles/nudgis/task_management/client/defaults/main.yml similarity index 100% rename from roles/mediaworker/defaults/main.yml rename to roles/nudgis/task_management/client/defaults/main.yml diff --git a/roles/mediaworker/handlers/main.yml b/roles/nudgis/task_management/client/handlers/main.yml similarity index 70% rename from roles/mediaworker/handlers/main.yml rename to roles/nudgis/task_management/client/handlers/main.yml index 41c27f7ea08c5d4bb8dd25d6680cd02a9d477ad5..8815f5b5c11c8887c7e8f75798f3de90a8e1728a 100644 --- a/roles/mediaworker/handlers/main.yml +++ b/roles/nudgis/task_management/client/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: restart celerity-workers +- name: "Restart celerity-workers" ansible.builtin.service: name: celerity-workers state: restarted 
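Review bot: With the `'firewall' in group_names` guard gone, nothing in "Add the firewall rule(s)" checks that nftables is installed on the host, yet it still notifies `Reload nftables`, whose systemd `reloaded` fails on a host without that unit. If every role importing this file is now expected to manage nftables, a comment above the task stating that contract would help; otherwise a guard such as `when: "'nftables' in ansible_facts.packages"` (with package facts gathered first) keeps the task skip-safe. Separately, `src: "../../shared/files/nftables/{{ item }}.nft"` is resolved against the importing role, and `task_management/server` now sits one directory deeper than `postgres_ha`, so both importers presumably only resolve because Ansible also searches relative to the role root; a comment recording that assumption would save the next maintainer a debugging session. The same `../../shared/...` relative paths appear in the imports added to task_management/server handlers/main.yml and tasks/base.yml.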
diff --git a/roles/mediaworker/tasks/configure.yml b/roles/nudgis/task_management/client/tasks/configure.yml similarity index 90% rename from roles/mediaworker/tasks/configure.yml rename to roles/nudgis/task_management/client/tasks/configure.yml index 30c1837f22af65fa275208b8f7da4a5141ad960d..a519c38042dda801e5857f6ddc5051b9d6dddfc6 100644 --- a/roles/mediaworker/tasks/configure.yml +++ b/roles/nudgis/task_management/client/tasks/configure.yml @@ -1,6 +1,6 @@ --- -- name: CONFIGURE CELERITY +- name: "CONFIGURE CELERITY" ansible.builtin.include_tasks: "configure/celerity-conf.yml" when: - nudgis_front_system_user is defined diff --git a/roles/mediaworker/tasks/configure/celerity-conf.yml b/roles/nudgis/task_management/client/tasks/configure/celerity-conf.yml similarity index 70% rename from roles/mediaworker/tasks/configure/celerity-conf.yml rename to roles/nudgis/task_management/client/tasks/configure/celerity-conf.yml index 166fc8029a53761fefc41906724f7d02b30a03c8..74040b7462e79bbfc4d3fe461dcf27790fe56f30 100644 --- a/roles/mediaworker/tasks/configure/celerity-conf.yml +++ b/roles/nudgis/task_management/client/tasks/configure/celerity-conf.yml @@ -1,7 +1,7 @@ --- -- name: copy celerity example configuration - notify: "restart celerity-workers" +- name: "Copy celerity example configuration" + notify: "Restart celerity-workers" ansible.builtin.copy: remote_src: true src: /etc/celerity/config.example.py 
@@ -9,19 +9,19 @@ mode: preserve force: false -- name: celerity base configuration - notify: "restart celerity-workers" +- name: "Celerity base configuration" + notify: "Restart celerity-workers" ansible.builtin.replace: path: /etc/celerity/config.py regexp: '^(\s*)#?{{ item.name }}\s*=.*$' replace: '\1{{ item.name }} = {{ item.value }}' loop: - - { name: 'SERVER_URL', value: '"https://{{ celerity_server_domain }}:6200"' } # noqa: yaml[commas] + - { name: 'SERVER_URL', value: '"https://{{ celerity_server_domain }}:6200"' } - { name: 'SIGNING_KEY', value: '"{{ celerity_signing_key }}"' } when: item.value != "" and item.value != '""' -- name: celerity add nudgis portal - notify: "restart celerity-workers" +- name: "Celerity add nudgis portal" + notify: "Restart celerity-workers" ansible.builtin.command: cmd: > celerity-configurator add-portal @@ -31,7 +31,7 @@ register: celerity_add_portal changed_when: celerity_add_portal.stdout != 'The configuration file is already up to date.' -- name: "ensure celerity-workers is running" +- name: "Ensure celerity-workers is running" ansible.builtin.service: name: "celerity-workers" enabled: true diff --git a/roles/mediaworker/tasks/install.yml b/roles/nudgis/task_management/client/tasks/install.yml similarity index 90% rename from roles/mediaworker/tasks/install.yml rename to roles/nudgis/task_management/client/tasks/install.yml index 26b2230da2076cc00b933d27c75800e986b97654..cb54d9192dd870d79c7df087eaef98bff8e399d1 100644 --- a/roles/mediaworker/tasks/install.yml +++ b/roles/nudgis/task_management/client/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install celerity worker +- name: "Install celerity worker" ansible.builtin.apt: force_apt_get: true install_recommends: false 
diff --git a/roles/netcapture/tasks/main.yml b/roles/nudgis/task_management/client/tasks/main.yml similarity index 88% rename from roles/netcapture/tasks/main.yml rename to roles/nudgis/task_management/client/tasks/main.yml index 4ca9b1ce59bf99a101c275a40afab2c0fc69e94a..047755f65077226019358ebe4641af98757f2629 100644 --- a/roles/netcapture/tasks/main.yml +++ b/roles/nudgis/task_management/client/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/mediaworker/vars/main.yml b/roles/nudgis/task_management/client/vars/main.yml similarity index 100% rename from roles/mediaworker/vars/main.yml rename to roles/nudgis/task_management/client/vars/main.yml diff --git a/roles/celerity/README.md b/roles/nudgis/task_management/server/README.md similarity index 86% rename from roles/celerity/README.md rename to roles/nudgis/task_management/server/README.md index 7f501a9c969ed8e82b132f3a27f32ce54bf8fa33..61ed51f3e5783b974d9765398e7083a51a8095fc 100644 --- a/roles/celerity/README.md +++ b/roles/nudgis/task_management/server/README.md @@ -1,7 +1,7 @@ -# Celerity +# Task_management_server ## Description -The celerity group is used to configure the hosts that balance the transcoding tasks. +The task_management_server group is used to configure the hosts that balance the transcoding tasks (celerity server). * In a standard UbiCast case, the host is the same as the mediaserver. * In a HA UbiCast case, the live is usually a dedicated server. diff --git a/roles/celerity/defaults/main.yml b/roles/nudgis/task_management/server/defaults/main.yml similarity index 100% rename from roles/celerity/defaults/main.yml rename to roles/nudgis/task_management/server/defaults/main.yml 
diff --git a/roles/celerity/handlers/main.yml b/roles/nudgis/task_management/server/handlers/main.yml similarity index 65% rename from roles/celerity/handlers/main.yml rename to roles/nudgis/task_management/server/handlers/main.yml index a6cf4db9672f8d4281e546d7a728b020e62a7e2f..c092ca2867239a1200ed51d629360a1a2737426f 100644 --- a/roles/celerity/handlers/main.yml +++ b/roles/nudgis/task_management/server/handlers/main.yml @@ -1,21 +1,21 @@ --- -- name: restart celerity-server +- name: "Restart celerity-server" ansible.builtin.service: name: celerity-server state: restarted -- name: restart celerity-workers +- name: "Restart celerity-workers" ansible.builtin.service: name: celerity-workers state: restarted # The celerity package drops a fail2ban conf, so we need to reload it form idempotency -- name: reload fail2ban +- name: "Reload fail2ban" ansible.builtin.systemd: name: fail2ban state: reloaded -- import_tasks: ../../shared/handlers/nftables.yml # noqa: name[missing] +- ansible.builtin.import_tasks: ../../shared/handlers/nftables.yml ... diff --git a/roles/nudgis/task_management/server/tasks/base.yml b/roles/nudgis/task_management/server/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..48598b1e781a942eea2ef1e44b771c345731c043 --- /dev/null +++ b/roles/nudgis/task_management/server/tasks/base.yml @@ -0,0 +1,5 @@ +--- + +- ansible.builtin.import_tasks: ../../shared/tasks/firewall_rules_files.yml + +... diff --git a/roles/celerity/tasks/configure.yml b/roles/nudgis/task_management/server/tasks/configure.yml similarity index 88% rename from roles/celerity/tasks/configure.yml rename to roles/nudgis/task_management/server/tasks/configure.yml index ff326c7aae80666999bf888a8e61ef08ebe1e729..99aeb010fa37d8d789ac863cdceb01ac9eee0965 100644 --- a/roles/celerity/tasks/configure.yml +++ b/roles/nudgis/task_management/server/tasks/configure.yml 
@@ -1,6 +1,6 @@ --- -- name: CONFIGURE CELERITY +- name: "CONFIGURE CELERITY" ansible.builtin.include_tasks: "configure/celerity-conf.yml" when: - nudgis_front_api_key is defined diff --git a/roles/celerity/tasks/configure/celerity-conf.yml b/roles/nudgis/task_management/server/tasks/configure/celerity-conf.yml similarity index 70% rename from roles/celerity/tasks/configure/celerity-conf.yml rename to roles/nudgis/task_management/server/tasks/configure/celerity-conf.yml index aac3c49a96492345149ada9f845e4fc094dc874a..4aa6ced94a5c868f242f0410f729fb4485500206 100644 --- a/roles/celerity/tasks/configure/celerity-conf.yml +++ b/roles/nudgis/task_management/server/tasks/configure/celerity-conf.yml @@ -1,7 +1,7 @@ --- -- name: copy celerity example configuration - notify: "restart celerity-server" +- name: "Copy celerity example configuration" + notify: "Restart celerity-server" ansible.builtin.copy: remote_src: true src: /etc/celerity/config.example.py @@ -9,19 +9,19 @@ mode: preserve force: false -- name: celerity base configuration - notify: "restart celerity-server" +- name: "Celerity base configuration" + notify: "Restart celerity-server" ansible.builtin.replace: path: /etc/celerity/config.py regexp: '^(\s*)#?{{ item.name }}\s*=.*$' replace: '\1{{ item.name }} = {{ item.value }}' loop: - - { name: 'SERVER_URL', value: '"https://{{ celerity_server_domain }}:6200"' } # noqa: yaml[commas] + - { name: 'SERVER_URL', value: '"https://{{ celerity_server_domain }}:6200"' } - { name: 'SIGNING_KEY', value: '"{{ celerity_signing_key }}"' } when: item.value != "" and item.value != '""' -- name: celerity add nudgis portal - notify: "restart celerity-server" +- name: "Celerity add nudgis portal" + notify: "Restart celerity-server" ansible.builtin.command: cmd: > celerity-configurator add-portal 
@@ -31,7 +31,7 @@ register: celerity_add_portal changed_when: celerity_add_portal.stdout != 'The configuration file is already up to date.' -- name: "ensure celerity-server is running" +- name: "Ensure celerity-server is running" ansible.builtin.service: name: "celerity-server" enabled: true diff --git a/roles/celerity/tasks/install.yml b/roles/nudgis/task_management/server/tasks/install.yml similarity index 83% rename from roles/celerity/tasks/install.yml rename to roles/nudgis/task_management/server/tasks/install.yml index 36270c8378f326332212155be70fd0ada9d7c798..4e4f2a90d209f3a67f5a8806b4cf07b6d69316ff 100644 --- a/roles/celerity/tasks/install.yml +++ b/roles/nudgis/task_management/server/tasks/install.yml @@ -1,7 +1,7 @@ --- -- name: celerity server install - notify: "reload fail2ban" +- name: "Celerity server install" + notify: "Reload fail2ban" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/nudgis/task_management/server/tasks/main.yml b/roles/nudgis/task_management/server/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 --- /dev/null +++ b/roles/nudgis/task_management/server/tasks/main.yml @@ -0,0 +1,33 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... diff --git a/roles/celerity/vars/main.yml b/roles/nudgis/task_management/server/vars/main.yml similarity index 100% rename from roles/celerity/vars/main.yml rename to roles/nudgis/task_management/server/vars/main.yml 
diff --git a/roles/tester/README.md b/roles/nudgis/tester/README.md similarity index 100% rename from roles/tester/README.md rename to roles/nudgis/tester/README.md diff --git a/roles/tester/defaults/main.yml b/roles/nudgis/tester/defaults/main.yml similarity index 100% rename from roles/tester/defaults/main.yml rename to roles/nudgis/tester/defaults/main.yml diff --git a/roles/tester/tasks/configure.yml b/roles/nudgis/tester/tasks/configure.yml similarity index 88% rename from roles/tester/tasks/configure.yml rename to roles/nudgis/tester/tasks/configure.yml index ece8ffbf439f13a7c0d014b4e76f7db39db951ac..e397f457cc5b63b63d29c675572b1e665a4fc92b 100644 --- a/roles/tester/tasks/configure.yml +++ b/roles/nudgis/tester/tasks/configure.yml @@ -1,6 +1,6 @@ --- -- name: CONFIGURE UBICAST-TESTER +- name: "CONFIGURE UBICAST-TESTER" ansible.builtin.include_tasks: "configure/tester-configure.yml" when: - repos_ubicast_packages_token is defined diff --git a/roles/nudgis/tester/tasks/configure/tester-configure.yml b/roles/nudgis/tester/tasks/configure/tester-configure.yml new file mode 100644 index 0000000000000000000000000000000000000000..8dd6311603328e480bcc7c0b9c3c894346d3c873 --- /dev/null +++ b/roles/nudgis/tester/tasks/configure/tester-configure.yml @@ -0,0 +1,16 @@ +--- + +- name: "Tester configuration" + ansible.builtin.replace: + path: /etc/ubicast-tester/config.yml + regexp: '^(\s*)#?{{ item.name }}:(\s*).*$' + replace: '\1{{ item.name }}:\2{{ item.value }}' + loop: + - { name: 'name', value: '"{{ tester_system_name }}"' } + - { name: 'token', value: '"{{ repos_ubicast_packages_token }}"' } + - { name: 'from', value: '"{{ tester_email_from }}"' } + - { name: 'to', value: '"{{ tester_email_to }}"' } + - { name: 'admin', value: '"{{ tester_email_admin }}"' } + - { name: 'ignored', value: '{{ tester_tests_ignored }}' } + +... 
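Review bot: The "Tester configuration" loop renders `repos_ubicast_packages_token` into each item's `value`, and without `no_log` the per-item task output prints that token in the play log and in any CI capture of it. Adding `no_log: true` to the task, or `loop_control: label: "{{ item.name }}"` so only the key name is echoed, keeps the secret out of logs. The same loop-with-secret shape (`celerity_signing_key`) sits in the celerity-conf.yml tasks of task_management/client and task_management/server. Also, because `^(\s*)#?{{ item.name }}:` matches the key at any indentation, a nested `name:` or `to:` elsewhere in config.yml would be rewritten too; presumably the file is flat, but a comment stating that assumption would be worth having.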
diff --git a/roles/tester/tasks/install.yml b/roles/nudgis/tester/tasks/install.yml similarity index 90% rename from roles/tester/tasks/install.yml rename to roles/nudgis/tester/tasks/install.yml index 0e07b005c3710c96d4d2f754f687f6a4040eb53c..b59440ad7fce791e38a26f99fed71dd916b25c01 100644 --- a/roles/tester/tasks/install.yml +++ b/roles/nudgis/tester/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: install tester packages +- name: "Install tester packages" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/letsencrypt/tasks/main.yml b/roles/nudgis/tester/tasks/main.yml similarity index 88% rename from roles/letsencrypt/tasks/main.yml rename to roles/nudgis/tester/tasks/main.yml index 4ca9b1ce59bf99a101c275a40afab2c0fc69e94a..047755f65077226019358ebe4641af98757f2629 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/nudgis/tester/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/tester/vars/main.yml b/roles/nudgis/tester/vars/main.yml similarity index 100% rename from roles/tester/vars/main.yml rename to roles/nudgis/tester/vars/main.yml diff --git a/roles/mediavault/README.md b/roles/nudgis/vault/README.md similarity index 79% rename from roles/mediavault/README.md rename to roles/nudgis/vault/README.md index bdb1df4a4718b122a916a530388880b3a2c986ad..d7340377ba66ebd2e9b0339353673600dc17b32f 100644 --- a/roles/mediavault/README.md +++ b/roles/nudgis/vault/README.md @@ -1,7 +1,7 @@ -# Mediavault +# Vault ## Description -The mediaserver group is used to configure all hosts with the UbiCast backup solution +The vault group is used to configure the hosts with the UbiCast backup solution ## Role Variables 
@@ -9,7 +9,7 @@ Available variables are listed below, along with the descriptions and the defaul `vault_email_enabled`: Boolean to activate the mail notifications (Optional) ``` -vault_email_enabled: True +vault_email_enabled: true ``` `vault_email_from`: From fields for email sending (as defined in RFC2822) (Optional) diff --git a/roles/mediavault/defaults/main.yml b/roles/nudgis/vault/defaults/main.yml similarity index 91% rename from roles/mediavault/defaults/main.yml rename to roles/nudgis/vault/defaults/main.yml index 8da91245d3138cbd94d3affc01c56d8392e54439..4e93e45b3c438c42a6da68b41019f58db2d94331 100644 --- a/roles/mediavault/defaults/main.yml +++ b/roles/nudgis/vault/defaults/main.yml @@ -1,7 +1,7 @@ --- # Boolean to activate the mail notifications -vault_email_enabled: True +vault_email_enabled: true # From fields for email sending (as defined in RFC2822) vault_email_from: "{{ ansible_fqdn }} <backup@{{ ansible_fqdn }}>" diff --git a/roles/mediavault/handlers/main.yml b/roles/nudgis/vault/handlers/main.yml similarity index 65% rename from roles/mediavault/handlers/main.yml rename to roles/nudgis/vault/handlers/main.yml index bbfaa070e51e61822109b97a9ca1d35d5a642113..3760b2584a5550ef161b5604a32f7a19d45dd36e 100644 --- a/roles/mediavault/handlers/main.yml +++ b/roles/nudgis/vault/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: systemd daemon reload +- name: "Systemd daemon reload" ansible.builtin.systemd: daemon_reload: true diff --git a/roles/mediavault/tasks/base.yml b/roles/nudgis/vault/tasks/base.yml similarity index 80% rename from roles/mediavault/tasks/base.yml rename to roles/nudgis/vault/tasks/base.yml index c8d2137d7fbd17e5e248f05a5a41496d63e21320..c7008599495037357fb91e7c256595362ecce3e0 100644 --- a/roles/mediavault/tasks/base.yml +++ b/roles/nudgis/vault/tasks/base.yml @@ -1,6 +1,6 @@ --- -- name: generate ssh keys pair +- name: "Generate ssh keys pair" ansible.builtin.user: name: root generate_ssh_key: true 
diff --git a/roles/mediavault/tasks/configure.yml b/roles/nudgis/vault/tasks/configure.yml similarity index 86% rename from roles/mediavault/tasks/configure.yml rename to roles/nudgis/vault/tasks/configure.yml index 0af1a9957715c8ae551fdc4c1a9e1289ee6a13bd..52e59d44b8f3c3a698df7a34a39a640fdaa78c23 100644 --- a/roles/mediavault/tasks/configure.yml +++ b/roles/nudgis/vault/tasks/configure.yml @@ -1,6 +1,6 @@ --- -- name: CONFIGURE MAILER +- name: "CONFIGURE MAILER" ansible.builtin.include_tasks: "configure/mailer.yml" when: - vault_email_enabled is defined diff --git a/roles/mediavault/tasks/configure/mailer.yml b/roles/nudgis/vault/tasks/configure/mailer.yml similarity index 70% rename from roles/mediavault/tasks/configure/mailer.yml rename to roles/nudgis/vault/tasks/configure/mailer.yml index ae90e1bbf39dbc4c7473cb2297ed90e49aa22c27..4c9464062cd1f20bd374c35e2285dfe37435308d 100644 --- a/roles/mediavault/tasks/configure/mailer.yml +++ b/roles/nudgis/vault/tasks/configure/mailer.yml @@ -1,16 +1,16 @@ --- -- name: Configure mailer +- name: "Configure mailer" when: vault_email_enabled block: - - name: create mailer script + - name: "Create mailer script" ansible.builtin.template: src: systemd-mailer-script.j2 dest: "{{ vault_email_script_path }}" mode: "0755" - - name: create mailer service - notify: systemd daemon reload + - name: "Create mailer service" + notify: "Systemd daemon reload" ansible.builtin.template: src: systemd-mailer-service.j2 dest: "{{ vault_email_service_path }}" diff --git a/roles/mediavault/tasks/install.yml b/roles/nudgis/vault/tasks/install.yml similarity index 84% rename from roles/mediavault/tasks/install.yml rename to roles/nudgis/vault/tasks/install.yml index ca843559f06b7334fee691078dc7185dc7590a87..69a3fc69949321d8f26f3ecccc10ea7d2d6904c6 100644 --- a/roles/mediavault/tasks/install.yml +++ b/roles/nudgis/vault/tasks/install.yml 
@@ -1,6 +1,6 @@ --- -- name: install packages +- name: "Install packages" ansible.builtin.package: force_apt_get: true install_recommends: false diff --git a/roles/nudgis/vault/tasks/main.yml b/roles/nudgis/vault/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 --- /dev/null +++ b/roles/nudgis/vault/tasks/main.yml @@ -0,0 +1,33 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... diff --git a/roles/mediavault/templates/systemd-mailer-script.j2 b/roles/nudgis/vault/templates/systemd-mailer-script.j2 similarity index 100% rename from roles/mediavault/templates/systemd-mailer-script.j2 rename to roles/nudgis/vault/templates/systemd-mailer-script.j2 diff --git a/roles/mediavault/templates/systemd-mailer-service.j2 b/roles/nudgis/vault/templates/systemd-mailer-service.j2 similarity index 100% rename from roles/mediavault/templates/systemd-mailer-service.j2 rename to roles/nudgis/vault/templates/systemd-mailer-service.j2 diff --git a/roles/mediavault/vars/main.yml b/roles/nudgis/vault/vars/main.yml similarity index 100% rename from roles/mediavault/vars/main.yml rename to roles/nudgis/vault/vars/main.yml diff --git a/roles/postgres-ha/README.md b/roles/postgres-ha/README.md deleted file mode 100644 index 617b962c0da9318c6d10f48ebbf6e6e00f41d87b..0000000000000000000000000000000000000000 --- a/roles/postgres-ha/README.md +++ /dev/null 
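Review bot: roles/nudgis/vault/tasks/main.yml is added as blob 4831cba3…, the same object this diff later adds as roles/system/fail2ban/tasks/main.yml, and the three deleted postgres/postgres-ha/sysconfig main.yml files all shared blob 21ffa13e… — the install/base/configure scaffold with `apply: become: true` and `tags: always` is copy-pasted per role. A style point rather than a defect: keeping this wiring in one shared task file included from each role would mean a future change (for example narrowing `become` to the tasks that actually need root) is not missed in one copy. As written, every task of every phase runs privileged, including template rendering that only needs root for the final write.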
@@ -1,13 +0,0 @@ -# Postgres-ha -## Description - -Override the postgres role with High availibility elements - -## Role Variables - -Available variables are listed below, along with the descriptions and the default values. - -`repmgr_password`: [HA only] Password of the repmgr DB user (Optional) -``` -repmgr_password: "" -``` diff --git a/roles/postgres-ha/tasks/base.yml b/roles/postgres-ha/tasks/base.yml deleted file mode 100644 index 6a88968d5ff72c79544f754b6ee763434ed873bc..0000000000000000000000000000000000000000 --- a/roles/postgres-ha/tasks/base.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- name: BASE CONFIGURE REPGMR - ansible.builtin.include_tasks: "base/repmgr.yml" - -- name: BASE CONFIGURE SWAPPINESS - ansible.builtin.include_tasks: "base/swappiness.yml" - -- name: BASE CONFIGURE REPHACHECK - ansible.builtin.include_tasks: "base/rephacheck.yml" - -- name: BASE CONFIGURE FIREWALL RULES - import_tasks: ../../shared/tasks/firewall_rules_files.yml - -- name: flush handlers - ansible.builtin.meta: flush_handlers - -... diff --git a/roles/postgres-ha/tasks/main.yml b/roles/postgres-ha/tasks/main.yml deleted file mode 100644 index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000 --- a/roles/postgres-ha/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- - -- name: INSTALL - ansible.builtin.include_tasks: - file: "install.yml" - apply: - become: true - tags: - - install - tags: - - always - -- name: BASE CONFIGURATION - ansible.builtin.include_tasks: - file: "base.yml" - apply: - become: true - tags: - - base - tags: - - always - -- name: CONFIGURE - ansible.builtin.include_tasks: - file: "configure.yml" - apply: - become: true - tags: - - configure - tags: - - always - -... diff --git a/roles/postgres/tasks/base.yml b/roles/postgres/tasks/base.yml deleted file mode 100644 index d4b789a09c62777afb42dedc32e769a08e8701a2..0000000000000000000000000000000000000000 --- a/roles/postgres/tasks/base.yml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- - -- name: BASE CONFIGURE POSTGRESQL LOGROTATE - ansible.builtin.include_tasks: "base/logrotate.yml" - -- import_tasks: ../../shared/tasks/firewall_rules_files.yml # noqa: name[missing] - -- name: flush handlers - ansible.builtin.meta: flush_handlers - -... diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml deleted file mode 100644 index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000 --- a/roles/postgres/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- - -- name: INSTALL - ansible.builtin.include_tasks: - file: "install.yml" - apply: - become: true - tags: - - install - tags: - - always - -- name: BASE CONFIGURATION - ansible.builtin.include_tasks: - file: "base.yml" - apply: - become: true - tags: - - base - tags: - - always - -- name: CONFIGURE - ansible.builtin.include_tasks: - file: "configure.yml" - apply: - become: true - tags: - - configure - tags: - - always - -... diff --git a/roles/shared/handlers/munin-node.yml b/roles/shared/handlers/munin-node.yml deleted file mode 100644 index 3a71cbb8efcc92679684d76ea3c1059a61bd9ad5..0000000000000000000000000000000000000000 --- a/roles/shared/handlers/munin-node.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- - -- name: Setup munin-node plugins link - ansible.builtin.shell: - munin-node-configure --shell --remove-also 2>&1 | sh -x # noqa risky-shell-pipe - # sh -x print executed cmd to stderr - register: munin_plugin_linked - changed_when: munin_plugin_linked.stderr | length > 0 - -- name: Restart munin-node service - ansible.builtin.service: - name: munin-node - state: restarted - -... diff --git a/roles/sysconfig/handlers/main.yml b/roles/sysconfig/handlers/main.yml deleted file mode 100644 index 482ca72a658268ee6f080a0e3962692cc76745d6..0000000000000000000000000000000000000000 --- a/roles/sysconfig/handlers/main.yml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- - -# - name: restart cron -# ansible.builtin.service: -# name: cron -# state: restarted - -- name: restart sshd - ansible.builtin.service: - name: sshd - state: restarted - -- name: restart unattended-upgrades - ansible.builtin.service: - name: unattended-upgrades - state: restarted - -- name: restart ntp - ansible.builtin.service: - name: systemd-timesyncd - state: restarted - -- name: trigger dpkg-reconfigure tzdata - # https://unix.stackexchange.com/questions/451709/timedatectl-set-timezone-doesnt-update-etc-timezone - # timedatectl do not update the /etc/timezone file... - ansible.builtin.command: - cmd: dpkg-reconfigure --frontend noninteractive tzdata - -- name: trigger apt update - ansible.builtin.apt: - update_cache: true - register: apt_status - retries: 60 - until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) - -... diff --git a/roles/sysconfig/tasks/base.yml b/roles/sysconfig/tasks/base.yml deleted file mode 100644 index 0b1dff7c219499c8477cca7dbc0a2768f33daf51..0000000000000000000000000000000000000000 --- a/roles/sysconfig/tasks/base.yml +++ /dev/null 
@@ -1,37 +0,0 @@ ---- - -- name: DEBIAN APT REPOSITORIES - ansible.builtin.include_tasks: "base/apt_debian.yml" - when: - - offline_mode is defined and not offline_mode - - repos_debian_prefix is defined - - repos_debian_packages_domain is defined - - repos_debian_security_packages_domain is defined - -- name: UBICAST APT REPOSITORIES - ansible.builtin.include_tasks: "base/apt_ubicast.yml" - when: - - offline_mode is defined and not offline_mode - - repos_ubicast_packages_token is defined - - repos_ubicast_packages_domain is defined - -# Flush to force `apt update` with the news repositories -- name: Flush handlers - meta: flush_handlers - -- name: BASE CONFIGURE SSH CLIENT - ansible.builtin.include_tasks: "base/ssh-client.yml" - -- name: BASE CONFIGURE UNATTENDED-UPGRADES - ansible.builtin.include_tasks: "base/unattended_upgrades.yml" - -- name: BASE CONFIGURE SSH SERVER - ansible.builtin.include_tasks: "base/ssh-server.yml" - -- name: BASE CONFIURE PROMPT - ansible.builtin.include_tasks: "base/prompt.yml" - -- name: BASE CONFIGURE LOGS - ansible.builtin.include_tasks: "base/logs.yml" - -... diff --git a/roles/sysconfig/tasks/base/unattended_upgrades.yml b/roles/sysconfig/tasks/base/unattended_upgrades.yml deleted file mode 100644 index c8cab7db76bd8cab359fad2c18d3b14d4478e44c..0000000000000000000000000000000000000000 --- a/roles/sysconfig/tasks/base/unattended_upgrades.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -- name: enable unattended upgrades - ansible.builtin.copy: - dest: /etc/apt/apt.conf.d/20auto-upgrades - content: | - APT::Periodic::Update-Package-Lists "1"; - APT::Periodic::Unattended-Upgrade "1"; - mode: "644" - -- name: remove old kernel with unattended-upgrades - ansible.builtin.replace: - dest: /etc/apt/apt.conf.d/50unattended-upgrades - regexp: ^//Unattended-Upgrade::Remove-Unused-Kernel-Packages.*$ - replace: Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; - notify: restart unattended-upgrades - -... 
diff --git a/roles/sysconfig/tasks/configure.yml b/roles/sysconfig/tasks/configure.yml deleted file mode 100644 index d7f47fa7ec6978d61380a5dbd0e38226be08d0cb..0000000000000000000000000000000000000000 --- a/roles/sysconfig/tasks/configure.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- name: CONFIGURE PROXY - ansible.builtin.include_tasks: "configure/proxy.yml" - -- name: SYSTEM LOCALES - ansible.builtin.include_tasks: "configure/locale.yml" - when: - - init_locale is defined - -- name: SYSTEM TIMEZONE - ansible.builtin.include_tasks: "configure/timezone.yml" - when: - - init_timezone is defined - -- name: NTP - ansible.builtin.include_tasks: "configure/ntp.yml" - when: - - ntp_servers is defined - -# Flush to force `apt update` with the news repositories -- name: Flush handlers - meta: flush_handlers - -... diff --git a/roles/sysconfig/tasks/configure/proxy.yml b/roles/sysconfig/tasks/configure/proxy.yml deleted file mode 100644 index 8059dc1d52f6eaf23e9d2b08679d2dce29653688..0000000000000000000000000000000000000000 --- a/roles/sysconfig/tasks/configure/proxy.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- - -- name: proxy - when: - - proxy_http | d() - - proxy_https | d() - ansible.builtin.include_role: - name: proxy - allow_duplicates: true - -... diff --git a/roles/sysconfig/tasks/install.yml b/roles/sysconfig/tasks/install.yml deleted file mode 100644 index 1b06657fd8bfda54a4774c3405c9076d099ff852..0000000000000000000000000000000000000000 --- a/roles/sysconfig/tasks/install.yml +++ /dev/null 
@@ -1,18 +0,0 @@ ---- - -- name: install system utilities - ansible.builtin.apt: - force_apt_get: true - install_recommends: false - name: "{{ item }}" - state: present - register: apt_status - retries: 60 - until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) - loop: - - "{{ init_packages }}" - - "{{ sysconfig_packages }}" - - "{{ sysconfig_repos_packages }}" - - "{{ locale_packages }}" - -... diff --git a/roles/sysconfig/tasks/main.yml b/roles/sysconfig/tasks/main.yml deleted file mode 100644 index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000 --- a/roles/sysconfig/tasks/main.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- - -- name: INSTALL - ansible.builtin.include_tasks: - file: "install.yml" - apply: - become: true - tags: - - install - tags: - - always - -- name: BASE CONFIGURATION - ansible.builtin.include_tasks: - file: "base.yml" - apply: - become: true - tags: - - base - tags: - - always - -- name: CONFIGURE - ansible.builtin.include_tasks: - file: "configure.yml" - apply: - become: true - tags: - - configure - tags: - - always - -... diff --git a/roles/sysconfig/vars/main.yml b/roles/sysconfig/vars/main.yml deleted file mode 100644 index a7ef7f1eeacbad7221e8f51f058fd8fde1520e0f..0000000000000000000000000000000000000000 --- a/roles/sysconfig/vars/main.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- - -# Packages required for the group -init_packages: - - openssh-client - - ca-certificates - - apt-utils - - gnupg - - sudo - -# Packages required for the group -sysconfig_packages: - - openssh-server - - bash-completion - - unattended-upgrades - - man - - vim - - ifupdown - - lm-sensors - - smartmontools - - curl - - host - - htop - -# Debian distribution short name (example: "bullseye") -repos_release: "{{ ansible_distribution_release }}" - -# Packages required for the group -locale_packages: - - locales - - tzdata - -# Packages required for the group -sysconfig_repos_packages: - - python3-debian - -# Repository keyring path -sysconfig_repos_keyrings_dir: "/usr/local/share/keyrings" - -... diff --git a/roles/fail2ban/README.md b/roles/system/fail2ban/README.md similarity index 74% rename from roles/fail2ban/README.md rename to roles/system/fail2ban/README.md index db79f87963a72299e8e67143d3153ac91d08fc2d..ada046dbaac42159bc3df3e723779145722dbf48 100644 --- a/roles/fail2ban/README.md +++ b/roles/system/fail2ban/README.md @@ -1,7 +1,7 @@ # Fail2ban ## Description -The fail2ban group handles the installation and configuration of fail2ban. +The group handles the installation and configuration of fai2ban to provide and configure ban capabilities for various services ## Role Variables diff --git a/roles/fail2ban/defaults/main.yml b/roles/system/fail2ban/defaults/main.yml similarity index 100% rename from roles/fail2ban/defaults/main.yml rename to roles/system/fail2ban/defaults/main.yml diff --git a/roles/fail2ban/handlers/main.yml b/roles/system/fail2ban/handlers/main.yml similarity index 74% rename from roles/fail2ban/handlers/main.yml rename to roles/system/fail2ban/handlers/main.yml index 191b0cc20b4f9a73bc30da5921c9a6c6f950adfd..47d14ec9c3bfb818130e1f004feecc111291e962 100644 --- a/roles/fail2ban/handlers/main.yml +++ b/roles/system/fail2ban/handlers/main.yml 
@@ -1,6 +1,6 @@ --- -- name: restart fail2ban +- name: "Restart fail2ban" ansible.builtin.systemd: name: fail2ban state: restarted diff --git a/roles/fail2ban/tasks/base.yml b/roles/system/fail2ban/tasks/base.yml similarity index 71% rename from roles/fail2ban/tasks/base.yml rename to roles/system/fail2ban/tasks/base.yml index 63913f65c89e4996eddd03f7de289d855e94e3db..b41705e0f048163d37daef940270d08c13f7977d 100644 --- a/roles/fail2ban/tasks/base.yml +++ b/roles/system/fail2ban/tasks/base.yml @@ -1,7 +1,7 @@ --- -- name: create fail2ban path-overrides - notify: restart fail2ban +- name: "Create fail2ban path-overrides" + notify: "Restart fail2ban" ansible.builtin.copy: dest: /etc/fail2ban/paths-overrides.local mode: "644" @@ -9,15 +9,15 @@ content: | [DEFAULT] -- name: configure sshd jail backend - notify: restart fail2ban +- name: "Configure sshd jail backend" + notify: "Restart fail2ban" ansible.builtin.lineinfile: path: /etc/fail2ban/paths-overrides.local regexp: '^sshd_backend' insertafter: '[DEFAULT]' line: 'sshd_backend = systemd' -- name: service +- name: "Service" ansible.builtin.systemd: name: fail2ban enabled: true diff --git a/roles/fail2ban/tasks/configure.yml b/roles/system/fail2ban/tasks/configure.yml similarity index 84% rename from roles/fail2ban/tasks/configure.yml rename to roles/system/fail2ban/tasks/configure.yml index b770c46711f7cd875fed43a235e557f548181354..93fa15c908f6f00147d17a0c8a22d2b7bc054d69 100644 --- a/roles/fail2ban/tasks/configure.yml +++ b/roles/system/fail2ban/tasks/configure.yml @@ -1,6 +1,6 @@ --- -- name: CONFIGURE FAIL2BAN +- name: "CONFIGURE FAIL2BAN" ansible.builtin.include_tasks: "configure/f2b-configure.yml" when: - fail2ban_email_from is defined 
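Review bot: In roles/system/fail2ban/tasks/base.yml the `Configure sshd jail backend` task uses `insertafter: '[DEFAULT]'`, but `insertafter` is a regular expression, so `[DEFAULT]` is a character class matching any single one of those letters rather than the literal section header. It only lands in the right place today because the file's first line happens to contain a `D`, and it will silently mis-place the line if the file ever gains other content first; use `insertafter: '^\[DEFAULT\]$'`, or drop the lineinfile entirely and put `sshd_backend = systemd` directly in the `content:` of the preceding copy task, which is idempotent and needs no regex. The task name `Service` says nothing about what it does; `Enable and start fail2ban` would match the file's other names.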
diff --git a/roles/fail2ban/tasks/configure/f2b-configure.yml b/roles/system/fail2ban/tasks/configure/f2b-configure.yml similarity index 67% rename from roles/fail2ban/tasks/configure/f2b-configure.yml rename to roles/system/fail2ban/tasks/configure/f2b-configure.yml index 31b372240424309ef470f7b9f90a59fdce440cdf..bdfd1e542bb7c5c7b27615272c2d6535ca99f8cc 100644 --- a/roles/fail2ban/tasks/configure/f2b-configure.yml +++ b/roles/system/fail2ban/tasks/configure/f2b-configure.yml @@ -1,7 +1,7 @@ --- -- name: jail defaults - notify: restart fail2ban +- name: "Jail defaults" + notify: "Restart fail2ban" ansible.builtin.template: src: jail.local.j2 dest: /etc/fail2ban/jail.local diff --git a/roles/fail2ban/tasks/install.yml b/roles/system/fail2ban/tasks/install.yml similarity index 92% rename from roles/fail2ban/tasks/install.yml rename to roles/system/fail2ban/tasks/install.yml index c04fb735b05ca4ddb97df8a1cef7924d74592d39..5ae43961612aea7b4bce5f6054e309c278795f35 100644 --- a/roles/fail2ban/tasks/install.yml +++ b/roles/system/fail2ban/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: packages +- name: "Install fail2ban" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/system/fail2ban/tasks/main.yml b/roles/system/fail2ban/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..4831cba3254f3aff6f910d96e3ebc3ebab9c7388 --- /dev/null +++ b/roles/system/fail2ban/tasks/main.yml @@ -0,0 +1,33 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... 
diff --git a/roles/fail2ban/templates/jail.local.j2 b/roles/system/fail2ban/templates/jail.local.j2 similarity index 100% rename from roles/fail2ban/templates/jail.local.j2 rename to roles/system/fail2ban/templates/jail.local.j2 diff --git a/roles/fail2ban/vars/main.yml b/roles/system/fail2ban/vars/main.yml similarity index 100% rename from roles/fail2ban/vars/main.yml rename to roles/system/fail2ban/vars/main.yml diff --git a/roles/system/localisation/README.md b/roles/system/localisation/README.md new file mode 100644 index 0000000000000000000000000000000000000000..d6c66cbd0db09254095cc1d64d68536304831e02 --- /dev/null +++ b/roles/system/localisation/README.md @@ -0,0 +1,18 @@ +# Localisation +## Description + +The group handles the installation and configuration of locales + +## Role Variables + +Available variables are listed below, along with the descriptions and the default values. + +`init_locale`: Value for the system locale (Optional) +``` +init_locale: "en_GB.UTF-8" +``` + +`init_timezone`: Timezone to set on the servers (`timedatectl list-timezones` for the complete list) (Optional) +``` +init_timezone: "Europe/Paris" +``` diff --git a/roles/system/localisation/defaults/main.yml b/roles/system/localisation/defaults/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..476227cefa749cf5c3a758318920d856a722a246 --- /dev/null +++ b/roles/system/localisation/defaults/main.yml @@ -0,0 +1,9 @@ +--- + +# Value for the system locale +init_locale: "en_GB.UTF-8" + +# Timezone to set on the servers (`timedatectl list-timezones` for the complete list) +init_timezone: "Europe/Paris" + +... diff --git a/roles/system/localisation/handlers/main.yml b/roles/system/localisation/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..1cba56843fc2bb8a99c0292de941a9bb6370d50c --- /dev/null +++ b/roles/system/localisation/handlers/main.yml 
@@ -0,0 +1,10 @@ +--- + +- name: "Trigger dpkg-reconfigure tzdata" + # https://unix.stackexchange.com/questions/451709/timedatectl-set-timezone-doesnt-update-etc-timezone + # timedatectl do not update the /etc/timezone file... + ansible.builtin.command: + cmd: dpkg-reconfigure --frontend noninteractive tzdata + changed_when: false + +... diff --git a/roles/system/localisation/tasks/configure.yml b/roles/system/localisation/tasks/configure.yml new file mode 100644 index 0000000000000000000000000000000000000000..c1ce400c54d4efb63e9da8e3b0e4d51bd458cafd --- /dev/null +++ b/roles/system/localisation/tasks/configure.yml @@ -0,0 +1,13 @@ +--- + +- name: "CONFIGURE LOCALE" + ansible.builtin.include_tasks: "configure/locale.yml" + when: + - init_locale is defined + +- name: "CONFIGURE SYSTEM TIMEZONE" + ansible.builtin.include_tasks: "configure/timezone.yml" + when: + - init_timezone is defined + +... diff --git a/roles/sysconfig/tasks/configure/locale.yml b/roles/system/localisation/tasks/configure/locale.yml similarity index 78% rename from roles/sysconfig/tasks/configure/locale.yml rename to roles/system/localisation/tasks/configure/locale.yml index 003f321f76a309b7030e52ca56148878ecfeeb59..8dd576adae89afa172bc1e740b61729810beae16 100644 --- a/roles/sysconfig/tasks/configure/locale.yml +++ b/roles/system/localisation/tasks/configure/locale.yml @@ -1,13 +1,13 @@ --- -- name: set default locale +- name: "Set default locale" ansible.builtin.template: src: locale.j2 dest: /etc/default/locale mode: "644" # Manages locales by editing /etc/locale.gen and invoking locale-gen -- name: generate current locales +- name: "Generate current locales" community.general.locale_gen: name: "{{ init_locale }}" 
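Review bot: roles/system/localisation/tasks/configure.yml gates its includes on `init_locale is defined` and `init_timezone is defined`, but the new roles/system/localisation/defaults/main.yml in this same diff always defines both, so the guards are dead and the role can no longer be asked to set only one of the two. If opting out is still wanted, test the value rather than definedness, e.g. `when: init_locale | d('') | length > 0`, or remove the defaults. In handlers/main.yml the `Trigger dpkg-reconfigure tzdata` handler does rewrite /etc/timezone, so `changed_when: false` under-reports; `changed_when: true` is the honest value, and it would also make this copy consistent with the misc role's version of the same handler, which uses `# noqa: no-changed-when` instead.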
diff --git a/roles/sysconfig/tasks/configure/timezone.yml b/roles/system/localisation/tasks/configure/timezone.yml similarity index 64% rename from roles/sysconfig/tasks/configure/timezone.yml rename to roles/system/localisation/tasks/configure/timezone.yml index 096901ba1f627c9cb270a01d39618439d55d8edc..ef801291b68845082bbffdfb056b709c2a728738 100644 --- a/roles/sysconfig/tasks/configure/timezone.yml +++ b/roles/system/localisation/tasks/configure/timezone.yml @@ -1,10 +1,10 @@ --- -- name: set timezone +- name: "Set timezone" # in order to execute cron task at new set timezone # TODO: fix when there is no cron service - # notify: restart cron - notify: trigger dpkg-reconfigure tzdata + # notify: "Restart cron" + notify: "Trigger dpkg-reconfigure tzdata" community.general.timezone: name: "{{ init_timezone }}" diff --git a/roles/monitor/msmonitor/tasks/install.yml b/roles/system/localisation/tasks/install.yml similarity index 78% rename from roles/monitor/msmonitor/tasks/install.yml rename to roles/system/localisation/tasks/install.yml index 81795287237f12498b8cc94961a3fdb5851bc74c..f569febee3a7bbbfe872c04a140d22a99aaae28f 100644 --- a/roles/monitor/msmonitor/tasks/install.yml +++ b/roles/system/localisation/tasks/install.yml @@ -1,11 +1,11 @@ --- -- name: install ubicast msmonitor +- name: "Install localisation utilities" ansible.builtin.apt: force_apt_get: true install_recommends: false + name: "{{ localisation_packages }}" state: present - name: "{{ msmonitor_packages }}" register: apt_status retries: 60 until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) diff --git a/roles/postfix/tasks/main.yml b/roles/system/localisation/tasks/main.yml similarity index 88% rename from roles/postfix/tasks/main.yml rename to roles/system/localisation/tasks/main.yml index 4ca9b1ce59bf99a101c275a40afab2c0fc69e94a..047755f65077226019358ebe4641af98757f2629 100644 
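Review bot: This hunk records roles/monitor/msmonitor/tasks/install.yml as renamed into roles/system/localisation/tasks/install.yml, which means the msmonitor role has no install.yml at its previous path after this commit; nothing in this chunk shows that role being removed or re-homed, so confirm it is handled outside this diff rather than silently losing its package installation. The same pairing happens with roles/postfix/tasks/main.yml → localisation and roles/proxy/tasks/main.yml → ntp further down. If these are just git's similarity heuristic picking the wrong partner, a note in the commit description would save the next reader the same check.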
--- a/roles/postfix/tasks/main.yml +++ b/roles/system/localisation/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: INSTALL +- name: "INSTALL" ansible.builtin.include_tasks: file: "install.yml" apply: @@ -10,7 +10,7 @@ tags: - always -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/sysconfig/templates/locale.j2 b/roles/system/localisation/templates/locale.j2 similarity index 100% rename from roles/sysconfig/templates/locale.j2 rename to roles/system/localisation/templates/locale.j2 diff --git a/roles/system/localisation/vars/main.yml b/roles/system/localisation/vars/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..3a5d0bcaa932624ff1b4a2fff87e615966528f0d --- /dev/null +++ b/roles/system/localisation/vars/main.yml @@ -0,0 +1,8 @@ +--- + +# Packages required for the group +localisation_packages: + - locales + - tzdata + +... diff --git a/roles/system/misc/README.md b/roles/system/misc/README.md new file mode 100644 index 0000000000000000000000000000000000000000..e7e81a1fcbf492c2e3968fc74d89ef84e75cdbc4 --- /dev/null +++ b/roles/system/misc/README.md @@ -0,0 +1,4 @@ +# Misc +## Description + +The group handles the installation and configuration of various systems elements (timezone, sudo, persistent system logs, prompt, ...) diff --git a/roles/system/misc/defaults/main.yml b/roles/system/misc/defaults/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..140e1f4e28ca0ace0409c71cde373c91df6cadf4 --- /dev/null +++ b/roles/system/misc/defaults/main.yml @@ -0,0 +1,6 @@ +--- + +# Timezone to set on the servers (`timedatectl list-timezones` for the complete list) +init_timezone: "Europe/Paris" + +... diff --git a/roles/system/misc/handlers/main.yml b/roles/system/misc/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..8cad755fa3f8b2ef79a603f4cd87a57d7be64aa7 --- /dev/null +++ b/roles/system/misc/handlers/main.yml 
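Review bot: roles/system/misc/defaults/main.yml defines `init_timezone`, but nothing in the misc role as added here reads it — misc/tasks/main.yml includes only install.yml and base.yml, and base.yml includes prompt.yml and logs.yml — while roles/system/localisation/defaults/main.yml in this diff declares the same default. Two roles shipping the same default will drift apart silently; drop it from misc and leave the timezone to the localisation role. The misc README's mention of timezone should go with it.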
@@ -0,0 +1,14 @@ +--- + +# - name: "Restart cron" +# ansible.builtin.service: +# name: cron +# state: restarted + +- name: "Trigger dpkg-reconfigure tzdata" # noqa: no-changed-when + # https://unix.stackexchange.com/questions/451709/timedatectl-set-timezone-doesnt-update-etc-timezone + # timedatectl do not update the /etc/timezone file... + ansible.builtin.command: + cmd: dpkg-reconfigure --frontend noninteractive tzdata + +... diff --git a/roles/system/misc/tasks/base.yml b/roles/system/misc/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..51dbada11eb9ddd401fef1c9535d2a00deeb19f9 --- /dev/null +++ b/roles/system/misc/tasks/base.yml @@ -0,0 +1,9 @@ +--- + +- name: "BASE CONFIURE PROMPT" + ansible.builtin.include_tasks: "base/prompt.yml" + +- name: "BASE CONFIGURE LOGS" + ansible.builtin.include_tasks: "base/logs.yml" + +... diff --git a/roles/sysconfig/tasks/base/logs.yml b/roles/system/misc/tasks/base/logs.yml similarity index 62% rename from roles/sysconfig/tasks/base/logs.yml rename to roles/system/misc/tasks/base/logs.yml index 1220399cbc0b3dc8e5b76cea121f7be2a5eb0567..63626a427c8be6d25429732555374f0437997048 100644 --- a/roles/sysconfig/tasks/base/logs.yml +++ b/roles/system/misc/tasks/base/logs.yml @@ -1,6 +1,6 @@ --- -- name: ensure journald logs persistence is enabled +- name: "Ensure journald logs persistence is enabled" # noqa: risky-file-permissions ansible.builtin.file: path: /var/log/journal state: directory diff --git a/roles/sysconfig/tasks/base/prompt.yml b/roles/system/misc/tasks/base/prompt.yml similarity index 87% rename from roles/sysconfig/tasks/base/prompt.yml rename to roles/system/misc/tasks/base/prompt.yml index 1b0015f51baf61c266d1fb6af50f1728e034cf64..6d233ccbdd1fe157f36f6aabc8de0abc82ede88d 100644 --- a/roles/sysconfig/tasks/base/prompt.yml +++ b/roles/system/misc/tasks/base/prompt.yml 
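Review bot: In roles/system/misc/tasks/base/logs.yml the `Ensure journald logs persistence is enabled` task now silences `risky-file-permissions` instead of stating the permissions, so /var/log/journal is created with whatever the umask yields; systemd's own tmpfiles entry creates it as `root:systemd-journal` with mode `2755` so journal files stay group-readable by that group only. Set `owner: root`, `group: systemd-journal`, `mode: "2755"` explicitly and drop the noqa. The `Trigger dpkg-reconfigure tzdata` handler added in roles/system/misc/handlers/main.yml has no notifier among the misc tasks shown here (timezone handling moved to the localisation role), so it looks like a leftover.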
@@ -1,6 +1,6 @@ --- -- name: set issue file +- name: "Set issue file" ansible.builtin.copy: content: | \e{lightblue} © UBICAST\e{reset} diff --git a/roles/system/misc/tasks/install.yml b/roles/system/misc/tasks/install.yml new file mode 100644 index 0000000000000000000000000000000000000000..dad9bef27dd5de0dac698d20519b62025c7b1810 --- /dev/null +++ b/roles/system/misc/tasks/install.yml @@ -0,0 +1,13 @@ +--- + +- name: "Install system utilities" + ansible.builtin.apt: + force_apt_get: true + install_recommends: false + name: "{{ misc_packages }}" + state: present + register: apt_status + retries: 60 + until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) + +... diff --git a/roles/system/misc/tasks/main.yml b/roles/system/misc/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..0bb18f240f3c721004ecd393e94877e1cdc6dd0c --- /dev/null +++ b/roles/system/misc/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +... diff --git a/roles/system/misc/vars/main.yml b/roles/system/misc/vars/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..ce24aff6b866428d9e8d65e954dcb61590b0dbd4 --- /dev/null +++ b/roles/system/misc/vars/main.yml @@ -0,0 +1,18 @@ +--- + +# Packages required for the group +misc_packages: + - man + - vim + - sudo + - bash-completion + - lm-sensors + - smartmontools + - curl + - ca-certificates + - gnupg + - host + - ifupdown + - htop + +... diff --git a/roles/system/nftables/README.md b/roles/system/nftables/README.md new file mode 100644 index 0000000000000000000000000000000000000000..ae4c0a2e0a6be3454fc7251932e431b9af7db339 --- /dev/null 
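Review bot: The new roles/system/misc/vars/main.yml `misc_packages` list replaces the deleted sysconfig `init_packages`/`sysconfig_packages` lists but drops `unattended-upgrades`, `openssh-server`, `openssh-client` and `apt-utils`, and this same diff deletes roles/sysconfig/tasks/base/unattended_upgrades.yml (which enabled `APT::Periodic::Unattended-Upgrade`) and its restart handler as plain deletions, not renames. Unless a role outside this chunk re-adds them, hosts provisioned after this commit stop receiving automatic security updates, and the ssh-server/ssh-client steps listed in the removed sysconfig base.yml no longer run. If these moved to a `roles/system/...` role not shown here, name the new home in the CHANGELOG; otherwise add `unattended-upgrades` and `openssh-server` back to `misc_packages` and restore the unattended_upgrades.yml task.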
+++ b/roles/system/nftables/README.md @@ -0,0 +1,4 @@ +# Nftables +## Description + +The group handles the installation and configuration of ntftables firewall diff --git a/roles/nftables/files/nftables.conf b/roles/system/nftables/files/nftables.conf similarity index 100% rename from roles/nftables/files/nftables.conf rename to roles/system/nftables/files/nftables.conf diff --git a/roles/nftables/files/nftables.d/ssh.nft b/roles/system/nftables/files/nftables.d/ssh.nft similarity index 100% rename from roles/nftables/files/nftables.d/ssh.nft rename to roles/system/nftables/files/nftables.d/ssh.nft diff --git a/roles/nftables/tasks/base.yml b/roles/system/nftables/tasks/base.yml similarity index 76% rename from roles/nftables/tasks/base.yml rename to roles/system/nftables/tasks/base.yml index cc9cf59c8dcf8d638865c945200ed47e7ad95f18..159f95860db8a26efb4ff51cb74684729d6ae0d6 100644 --- a/roles/nftables/tasks/base.yml +++ b/roles/system/nftables/tasks/base.yml @@ -1,6 +1,6 @@ --- -- name: Deploy nftables configurations +- name: "Deploy nftables configurations" ansible.builtin.copy: src: "./" dest: "/etc" @@ -10,7 +10,7 @@ directory_mode: '700' mode: '600' -- name: Enable and start nftables +- name: "Enable and start nftables" ansible.builtin.systemd_service: name: nftables state: started diff --git a/roles/nftables/tasks/install.yml b/roles/system/nftables/tasks/install.yml similarity index 89% rename from roles/nftables/tasks/install.yml rename to roles/system/nftables/tasks/install.yml index c110434a32b8bdca4f36db130ff4743b0ff91c29..d7971ad16d1bbd7da02e20b269371dacb4885290 100644 --- a/roles/nftables/tasks/install.yml +++ b/roles/system/nftables/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: nftables firewall install +- name: "Install nftables firewall" ansible.builtin.apt: force_apt_get: true install_recommends: false 
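Review bot: In roles/system/nftables/tasks/base.yml the `Deploy nftables configurations` copy task shows no `notify:` in the hunk and `Enable and start nftables` only asks for `state: started`, so a changed nftables.conf or nftables.d/ssh.nft is written to disk but not loaded until reboot or a manual reload. If no handler exists outside the hunk, add `notify: "Reload nftables"` backed by a handler running `ansible.builtin.systemd_service` with `name: nftables` and `state: reloaded`. Because the ruleset governs ssh access, a syntax error here locks operators out; `validate:` is unavailable for a directory copy, so a `nft -c -f /etc/nftables.conf` command task before the reload is worth the extra line. A short comment that `directory_mode: '700'` only applies to directories Ansible creates (so /etc itself is untouched) would pre-empt the obvious question.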
diff --git a/roles/system/nftables/tasks/main.yml b/roles/system/nftables/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..0bb18f240f3c721004ecd393e94877e1cdc6dd0c --- /dev/null +++ b/roles/system/nftables/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +... diff --git a/roles/nftables/vars/main.yml b/roles/system/nftables/vars/main.yml similarity index 100% rename from roles/nftables/vars/main.yml rename to roles/system/nftables/vars/main.yml diff --git a/roles/system/ntp/README.md b/roles/system/ntp/README.md new file mode 100644 index 0000000000000000000000000000000000000000..235330e4aa84f7740d066b965dfec4583a8dea4c --- /dev/null +++ b/roles/system/ntp/README.md @@ -0,0 +1,17 @@ +# Ntp +## Description + +The group handles the installation and configuration of ntp + +## Role Variables + +Available variables are listed below, along with the descriptions and the default values. + +`ntp_servers`: List of NTP servers to use on the systems (Optional) +``` +ntp_servers: + - 0.debian.pool.ntp.org + - 1.debian.pool.ntp.org + - 2.debian.pool.ntp.org + - 3.debian.pool.ntp.org +``` diff --git a/roles/system/ntp/defaults/main.yml b/roles/system/ntp/defaults/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..1f520a93d86deca31ca25d2fab072c13872e61f6 --- /dev/null +++ b/roles/system/ntp/defaults/main.yml @@ -0,0 +1,10 @@ +--- + +# List of NTP servers to use on the systems +ntp_servers: + - 0.debian.pool.ntp.org + - 1.debian.pool.ntp.org + - 2.debian.pool.ntp.org + - 3.debian.pool.ntp.org + +... 
diff --git a/roles/system/ntp/handlers/main.yml b/roles/system/ntp/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..524a3087aa505b83d5fbedf2e6320c41472016dc --- /dev/null +++ b/roles/system/ntp/handlers/main.yml @@ -0,0 +1,8 @@ +--- + +- name: "Restart ntp" + ansible.builtin.service: + name: systemd-timesyncd + state: restarted + +... diff --git a/roles/system/ntp/tasks/configure.yml b/roles/system/ntp/tasks/configure.yml new file mode 100644 index 0000000000000000000000000000000000000000..f857c80cca822e318c6ed010dbc97c8fb99bf955 --- /dev/null +++ b/roles/system/ntp/tasks/configure.yml @@ -0,0 +1,8 @@ +--- + +- name: "CONFIGURE NTP" + ansible.builtin.include_tasks: "configure/ntp.yml" + when: + - ntp_servers is defined + +... diff --git a/roles/sysconfig/tasks/configure/ntp.yml b/roles/system/ntp/tasks/configure/ntp.yml similarity index 80% rename from roles/sysconfig/tasks/configure/ntp.yml rename to roles/system/ntp/tasks/configure/ntp.yml index 4724f0174904ec246f16a48e8996ba3601eef492..2f0f64f8a5f599d7cfc3c7ac58e0b9a04de743db 100644 --- a/roles/sysconfig/tasks/configure/ntp.yml +++ b/roles/system/ntp/tasks/configure/ntp.yml @@ -1,19 +1,19 @@ --- -- name: verify systemd-timesyncd presence +- name: "Verify systemd-timesyncd presence" ansible.builtin.stat: path: /etc/systemd/timesyncd.conf register: timesyncd_config -- name: verify ntp variable +- name: "Verify ntp variable" when: - timesyncd_config.stat.exists - ntp_servers is defined - ntp_servers | type_debug == 'list' - ntp_servers | length > 0 block: - - name: configure systemd-timesyncd - notify: restart ntp + - name: "Configure systemd-timesyncd" + notify: "Restart ntp" ansible.builtin.replace: path: /etc/systemd/timesyncd.conf regexp: '^(\s*)#?{{ item.name }}\s*=.*$' 
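Review bot: In roles/system/ntp/tasks/configure/ntp.yml the whole configuration block is skipped when /etc/systemd/timesyncd.conf does not exist, so a host without systemd-timesyncd ends up with no configured time source and no failure, and the ntp role's main.yml in this diff has no install phase that would provide the package. Either install `systemd-timesyncd` in the role or make the absence explicit with `ansible.builtin.fail` (or `assert`) instead of a silent skip — fail2ban ban windows, certificate validation and log correlation all depend on correct time. The `when: ntp_servers is defined` guard in configure.yml is always true now that defaults/main.yml defines the list, and the list is re-checked inside ntp.yml anyway, so it can go.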
diff --git a/roles/proxy/tasks/main.yml b/roles/system/ntp/tasks/main.yml similarity index 88% rename from roles/proxy/tasks/main.yml rename to roles/system/ntp/tasks/main.yml index ed7b95b464b45e6978ac2fab24921337540abc67..e4ffaed4be503f10468db8beda569b97972a788f 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/system/ntp/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: CONFIGURE +- name: "CONFIGURE" ansible.builtin.include_tasks: file: "configure.yml" apply: diff --git a/roles/postfix/README.md b/roles/system/postfix/README.md similarity index 89% rename from roles/postfix/README.md rename to roles/system/postfix/README.md index c133e5a2e67cf65073a3833b2c1d0bb1afa7d4b2..cd78e7192e331d25a41c41be93a83488faa6f996 100644 --- a/roles/postfix/README.md +++ b/roles/system/postfix/README.md @@ -1,7 +1,7 @@ # Postfix ## Description -The postfix group is used to configure all hosts to send email. +The group handles the installation and configuration of postfix to provide emailing capabilities ## Role Variables diff --git a/roles/postfix/defaults/main.yml b/roles/system/postfix/defaults/main.yml similarity index 100% rename from roles/postfix/defaults/main.yml rename to roles/system/postfix/defaults/main.yml diff --git a/roles/postfix/handlers/main.yml b/roles/system/postfix/handlers/main.yml similarity index 75% rename from roles/postfix/handlers/main.yml rename to roles/system/postfix/handlers/main.yml index 1100eb60dee9bcd12f28735956c3b616226c2a8f..c4c4dd5493a638fb23ce7e5795a81176ee5c204d 100644 --- a/roles/postfix/handlers/main.yml +++ b/roles/system/postfix/handlers/main.yml 
@@ -1,22 +1,22 @@ --- -- name: postmap sasl +- name: "Postmap sasl" ansible.builtin.command: postmap hash:/etc/postfix/sasl-passwords changed_when: false -- name: postmap generic +- name: "Postmap generic" ansible.builtin.command: postmap hash:/etc/postfix/generic changed_when: false -- name: postmap virtual +- name: "Postmap virtual" ansible.builtin.command: postmap hash:/etc/postfix/virtual changed_when: false -- name: run newaliases +- name: "Run newaliases" ansible.builtin.command: newaliases changed_when: false -- name: restart postfix +- name: "Restart postfix" ansible.builtin.service: name: postfix state: restarted diff --git a/roles/postfix/tasks/configure.yml b/roles/system/postfix/tasks/configure.yml similarity index 77% rename from roles/postfix/tasks/configure.yml rename to roles/system/postfix/tasks/configure.yml index c52cd37d3be66d71ba34dffdc30ec25b9165722a..4b39a34bc55b1aa6c1332cbb3705844e7bef3574 100644 --- a/roles/postfix/tasks/configure.yml +++ b/roles/system/postfix/tasks/configure.yml 
@@ -1,34 +1,34 @@ --- -- name: Populate postfix main configuration +- name: "Populate postfix main configuration" ansible.builtin.include_tasks: "configure/postfix_main.yml" when: - postfix_mailname is defined - postfix_relay_host is defined - postfix_relay_user is defined -- name: Populate /etc/mailname file +- name: "Populate /etc/mailname file" ansible.builtin.include_tasks: "configure/mailname.yml" when: - postfix_mailname is defined -- name: Populate /etc/aliases file +- name: "Populate /etc/aliases file" ansible.builtin.include_tasks: "configure/aliases.yml" when: - postfix_admin is defined -- name: Populate postfix virtual aliases +- name: "Populate postfix virtual aliases" ansible.builtin.include_tasks: "configure/postfix_virtual.yml" when: - postfix_mailname is defined -- name: Populate postfix generic +- name: "Populate postfix generic" ansible.builtin.include_tasks: "configure/postfix_generic.yml" when: - postfix_mailname is defined - postfix_email_from is defined -- name: Populate postfix authentication file +- name: "Populate postfix authentication file" ansible.builtin.include_tasks: "configure/postfix_authentication.yml" when: - postfix_relay_host is defined diff --git a/roles/postfix/tasks/configure/aliases.yml b/roles/system/postfix/tasks/configure/aliases.yml similarity index 65% rename from roles/postfix/tasks/configure/aliases.yml rename to roles/system/postfix/tasks/configure/aliases.yml index f96fe13cf0ab057694cd00583b82513616b77532..ca74942b9a5aad62f937cfb6baf257288987d2a7 100644 --- a/roles/postfix/tasks/configure/aliases.yml +++ b/roles/system/postfix/tasks/configure/aliases.yml @@ -1,7 +1,7 @@ --- -- name: mailname configuration - notify: run newaliases +- name: "Mailname configuration" + notify: "Run newaliases" ansible.builtin.template: backup: true src: aliases.j2 
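Review bot: The task in aliases.yml is still named `"Mailname configuration"` although it renders `aliases.j2` and notifies `"Run newaliases"`; the hunk only re-capitalises the copy-pasted name. The same mismatch appears in postfix_authentication.yml, where the task rendering `sasl-passwords.j2` is named `"Postfix virtual aliases"`. Suggest `- name: "Aliases configuration"` here and `- name: "Postfix SASL authentication file"` there, so handler notifications and play output can be traced to the right file. Both template tasks continue beyond their hunks.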
diff --git a/roles/postfix/tasks/configure/mailname.yml b/roles/system/postfix/tasks/configure/mailname.yml similarity index 65% rename from roles/postfix/tasks/configure/mailname.yml rename to roles/system/postfix/tasks/configure/mailname.yml index 3306141e40edb8d7dfe7f7ff1d492a24b10c30cd..06c41d3edfb255d2f33bfffa26b75a52d6871097 100644 --- a/roles/postfix/tasks/configure/mailname.yml +++ b/roles/system/postfix/tasks/configure/mailname.yml @@ -1,7 +1,7 @@ --- -- name: mailname configuration - notify: restart postfix +- name: "Mailname configuration" + notify: "Restart postfix" ansible.builtin.template: backup: true src: mailname.j2 diff --git a/roles/postfix/tasks/configure/postfix_authentication.yml b/roles/system/postfix/tasks/configure/postfix_authentication.yml similarity index 69% rename from roles/postfix/tasks/configure/postfix_authentication.yml rename to roles/system/postfix/tasks/configure/postfix_authentication.yml index 80850c13a79061271d83e6686174276eaec319ec..c805395ca1dd4b21c1ce92f53a396c876dd3df85 100644 --- a/roles/postfix/tasks/configure/postfix_authentication.yml +++ b/roles/system/postfix/tasks/configure/postfix_authentication.yml @@ -1,7 +1,7 @@ --- -- name: postfix virtual aliases - notify: postmap sasl +- name: "Postfix virtual aliases" + notify: "Postmap sasl" ansible.builtin.template: backup: true src: sasl-passwords.j2 diff --git a/roles/postfix/tasks/configure/postfix_generic.yml b/roles/system/postfix/tasks/configure/postfix_generic.yml similarity index 68% rename from roles/postfix/tasks/configure/postfix_generic.yml rename to roles/system/postfix/tasks/configure/postfix_generic.yml index 1fd0e84e75baaf3d635afe9b1703ecaa8f15e8ba..e4f655611ea99cd8ba73ec9ef7069eaf666dbe63 100644 --- a/roles/postfix/tasks/configure/postfix_generic.yml +++ b/roles/system/postfix/tasks/configure/postfix_generic.yml 
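Review bot: `backup: true` on the task rendering `sasl-passwords.j2` keeps a timestamped copy of the relay credentials file next to the live one on every change, so after a credential rotation the previous secret stays on disk in the backup copies. For this file `backup: false` (or simply omitting the key) is the safer default; the rest of the template task, including its `mode`, is outside the hunk, so I cannot tell whether backups inherit a restrictive mode. The `"Postmap sasl"` handler regenerates the hashed map, but nothing removes the `~` backup files.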
@@ -1,11 +1,11 @@ --- -- name: gather hostname +- name: "Gather hostname" ansible.builtin.setup: filter: ansible_hostname -- name: postfix generic - notify: postmap generic +- name: "Postfix generic" + notify: "Postmap generic" ansible.builtin.template: backup: true src: generic.j2 diff --git a/roles/postfix/tasks/configure/postfix_main.yml b/roles/system/postfix/tasks/configure/postfix_main.yml similarity index 67% rename from roles/postfix/tasks/configure/postfix_main.yml rename to roles/system/postfix/tasks/configure/postfix_main.yml index a600f78877cf1db0cbe43ebb1ba1ce64dceb8528..5fbf7a5707cdd6a3afdd3f4c5ef3ae28df5a4bfb 100644 --- a/roles/postfix/tasks/configure/postfix_main.yml +++ b/roles/system/postfix/tasks/configure/postfix_main.yml @@ -1,11 +1,11 @@ --- -- name: gather hostname +- name: "Gather hostname" ansible.builtin.setup: filter: ansible_hostname -- name: postfix main config - notify: restart postfix +- name: "Postfix main config" + notify: "Restart postfix" ansible.builtin.template: backup: true src: main.cf.j2 diff --git a/roles/postfix/tasks/configure/postfix_virtual.yml b/roles/system/postfix/tasks/configure/postfix_virtual.yml similarity index 66% rename from roles/postfix/tasks/configure/postfix_virtual.yml rename to roles/system/postfix/tasks/configure/postfix_virtual.yml index 688522c93787839653e56bd5e911cfbf47925575..c2114cac75dcf0d6ad86e70614f95fdc36a46b54 100644 --- a/roles/postfix/tasks/configure/postfix_virtual.yml +++ b/roles/system/postfix/tasks/configure/postfix_virtual.yml @@ -1,7 +1,7 @@ --- -- name: postfix virtual aliases - notify: postmap virtual +- name: "Postfix virtual aliases" + notify: "Postmap virtual" ansible.builtin.template: backup: true src: virtual.j2 
diff --git a/roles/postfix/tasks/install.yml b/roles/system/postfix/tasks/install.yml similarity index 90% rename from roles/postfix/tasks/install.yml rename to roles/system/postfix/tasks/install.yml index 9fabafc664e32db8f7f5b964344dab4800477726..b21779aa78c78a436350b8107e7004fdc9d05c29 100644 --- a/roles/postfix/tasks/install.yml +++ b/roles/system/postfix/tasks/install.yml @@ -1,6 +1,6 @@ --- -- name: remove postfix conflicting packages +- name: "Remove postfix conflicting packages" ansible.builtin.apt: force_apt_get: true install_recommends: false @@ -15,7 +15,7 @@ retries: 60 until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) -- name: install postfix +- name: "Install postfix" ansible.builtin.apt: force_apt_get: true install_recommends: false diff --git a/roles/system/postfix/tasks/main.yml b/roles/system/postfix/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..047755f65077226019358ebe4641af98757f2629 --- /dev/null +++ b/roles/system/postfix/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... diff --git a/roles/postfix/templates/aliases.j2 b/roles/system/postfix/templates/aliases.j2 similarity index 100% rename from roles/postfix/templates/aliases.j2 rename to roles/system/postfix/templates/aliases.j2 diff --git a/roles/postfix/templates/generic.j2 b/roles/system/postfix/templates/generic.j2 similarity index 100% rename from roles/postfix/templates/generic.j2 rename to roles/system/postfix/templates/generic.j2 
diff --git a/roles/postfix/templates/mailname.j2 b/roles/system/postfix/templates/mailname.j2 similarity index 100% rename from roles/postfix/templates/mailname.j2 rename to roles/system/postfix/templates/mailname.j2 diff --git a/roles/postfix/templates/main.cf.j2 b/roles/system/postfix/templates/main.cf.j2 similarity index 100% rename from roles/postfix/templates/main.cf.j2 rename to roles/system/postfix/templates/main.cf.j2 diff --git a/roles/postfix/templates/sasl-passwords.j2 b/roles/system/postfix/templates/sasl-passwords.j2 similarity index 100% rename from roles/postfix/templates/sasl-passwords.j2 rename to roles/system/postfix/templates/sasl-passwords.j2 diff --git a/roles/postfix/templates/virtual.j2 b/roles/system/postfix/templates/virtual.j2 similarity index 100% rename from roles/postfix/templates/virtual.j2 rename to roles/system/postfix/templates/virtual.j2 diff --git a/roles/postfix/vars/main.yml b/roles/system/postfix/vars/main.yml similarity index 100% rename from roles/postfix/vars/main.yml rename to roles/system/postfix/vars/main.yml diff --git a/roles/proxy/README.md b/roles/system/proxy/README.md similarity index 79% rename from roles/proxy/README.md rename to roles/system/proxy/README.md index f3bed31994b4c7618c34b50c76cd0f7f7895be65..5591f162708c8d3295b627857f84352396cc4c0c 100644 --- a/roles/proxy/README.md +++ b/roles/system/proxy/README.md @@ -17,12 +17,9 @@ proxy_http: "" proxy_https: "" ``` -`proxy_exclude`: List of URL that does not use the proxy (Optional) +`proxy_exclude`: List of non-local URL that does not use the proxy. "localhost" addresses are automatically added. (Optional) ``` proxy_exclude: - - localhost - - 127.0.0.1 - - ::1 - nudgis.example.com - manager.example.com - monitor.example.com 
diff --git a/roles/proxy/defaults/main.yml b/roles/system/proxy/defaults/main.yml similarity index 70% rename from roles/proxy/defaults/main.yml rename to roles/system/proxy/defaults/main.yml index ab71ca12a88bb6b76016cbe0cdfe1612c18ada59..1e140c62d8603b16dee9224df092a074ea176bb3 100644 --- a/roles/proxy/defaults/main.yml +++ b/roles/system/proxy/defaults/main.yml @@ -6,11 +6,8 @@ proxy_http: "" # Proxy URL for HTTPS calls (complete URL with protocol) proxy_https: "" -# List of URL that does not use the proxy +# List of non-local URL that does not use the proxy. "localhost" addresses are automatically added. proxy_exclude: - - localhost - - 127.0.0.1 - - ::1 - nudgis.example.com - manager.example.com - monitor.example.com diff --git a/roles/proxy/tasks/configure.yml b/roles/system/proxy/tasks/configure.yml similarity index 82% rename from roles/proxy/tasks/configure.yml rename to roles/system/proxy/tasks/configure.yml index 1c36181a439a2c02ef5003f90e87f4013f5a3051..02777b7446aea24c441e020907b250b71c673513 100644 --- a/roles/proxy/tasks/configure.yml +++ b/roles/system/proxy/tasks/configure.yml @@ -1,6 +1,6 @@ --- -- name: CONFIGURE MANDATORY PROXY +- name: "CONFIGURE MANDATORY PROXY" ansible.builtin.include_tasks: "configure/proxy-configure.yml" when: - proxy_http is defined diff --git a/roles/proxy/tasks/configure/proxy-configure.yml b/roles/system/proxy/tasks/configure/proxy-configure.yml similarity index 89% rename from roles/proxy/tasks/configure/proxy-configure.yml rename to roles/system/proxy/tasks/configure/proxy-configure.yml index 4564c3e643c931d1bb4d8c01aa32df040f6736f0..e38be3338671e4dab350e92af387e61ab55e2b52 100644 --- a/roles/proxy/tasks/configure/proxy-configure.yml +++ b/roles/system/proxy/tasks/configure/proxy-configure.yml 
@@ -1,10 +1,10 @@ --- -- name: Gather the package facts +- name: "Gather the package facts" ansible.builtin.package_facts: manager: auto -- name: environment +- name: "Environment" ansible.builtin.blockinfile: path: /etc/environment create: true @@ -19,7 +19,7 @@ no_proxy={{ proxy_exclude | flatten | unique | reject('equalto', '') | join(',') }} NO_PROXY={{ proxy_exclude | flatten | unique | reject('equalto', '') | join(',') }} -- name: apt +- name: "Apt" ansible.builtin.copy: dest: /etc/apt/apt.conf.d/proxy mode: "644" @@ -27,7 +27,7 @@ Acquire::http::Proxy "{{ proxy_http }}"; Acquire::https::Proxy "{{ proxy_https }}"; -- name: wget +- name: "Wget" when: "'wget' in ansible_facts.packages" ansible.builtin.copy: dest: /etc/wgetrc @@ -38,7 +38,7 @@ https_proxy={{ proxy_https }} no_proxy={{ proxy_exclude | flatten | unique | reject('equalto', '') | join(',') }} -- name: git +- name: "Git" when: "'git' in ansible_facts.packages" community.general.git_config: name: "{{ item.name }}" @@ -46,9 +46,9 @@ value: "{{ item.value }}" state: present loop: - - name: http.proxy + - name: "Http.proxy" value: "{{ proxy_http }}" - - name: https.proxy + - name: "Https.proxy" value: "{{ proxy_https }}" ... diff --git a/roles/system/proxy/tasks/main.yml b/roles/system/proxy/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..e4ffaed4be503f10468db8beda569b97972a788f --- /dev/null +++ b/roles/system/proxy/tasks/main.yml @@ -0,0 +1,13 @@ +--- + +- name: "CONFIGURE" + ansible.builtin.include_tasks: + file: "configure.yml" + apply: + become: true + tags: + - configure + tags: + - always + +... diff --git a/roles/sysconfig/README.md b/roles/system/repository/README.md similarity index 66% rename from roles/sysconfig/README.md rename to roles/system/repository/README.md index d517e97d15d340fc344d4546dd7e6a98140df878..6241a728f2883d884f75a7d0c07a75b043c42c68 100644 --- a/roles/sysconfig/README.md +++ b/roles/system/repository/README.md 
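Review bot: In the last hunk the capitalisation pass changed loop data, not task names: `- name: "Http.proxy"` / `- name: "Https.proxy"` are fed to `community.general.git_config` as the configuration key. Git treats section names case-insensitively so this probably still works, but the written key no longer matches the canonical `http.proxy`; restore `- name: "http.proxy"` and `- name: "https.proxy"`. Separately, the README and defaults hunks state that localhost addresses are added automatically, yet the `no_proxy` lines here render `proxy_exclude` as-is; where that addition happens is not visible in this chunk, so please confirm it exists.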
@@ -1,7 +1,7 @@ -# Sysconfig +# Repository ## Description -The sysconfig group handles the installation and configuration of system components. +The group handles the installation and configuration of debian and ubicast repositories ## Role Variables @@ -9,7 +9,7 @@ Available variables are listed below, along with the descriptions and the defaul `offline_mode`: Do not configure any repository and use local repository (Optional) ``` -offline_mode: False +offline_mode: false ``` `repos_debian_prefix`: Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. (Optional) @@ -17,20 +17,6 @@ offline_mode: False repos_debian_prefix: "http://" ``` -`init_locale`: Value for the system locale (Optional) -``` -init_locale: "en_GB.UTF-8" -``` - -`ntp_servers`: List of NTP servers to use on the systems (Optional) -``` -ntp_servers: - - 0.debian.pool.ntp.org - - 1.debian.pool.ntp.org - - 2.debian.pool.ntp.org - - 3.debian.pool.ntp.org -``` - `repos_ubicast_packages_token`: Token used in the UbiCast debian repository URL ``` repos_ubicast_packages_token: "XXXX-XXXX-XXXX-XXXX-XXXX" @@ -41,11 +27,6 @@ repos_ubicast_packages_token: "XXXX-XXXX-XXXX-XXXX-XXXX" repos_ubicast_packages_domain: "manager.example.com" ``` -`init_timezone`: Timezone to set on the servers (`timedatectl list-timezones` for the complete list) (Optional) -``` -init_timezone: "Europe/Paris" -``` - `repos_debian_packages_domain`: Domain to use for the Debian repositories (Optional) ``` repos_debian_packages_domain: "deb.debian.org" diff --git a/roles/sysconfig/defaults/main.yml b/roles/system/repository/defaults/main.yml similarity index 65% rename from roles/sysconfig/defaults/main.yml rename to roles/system/repository/defaults/main.yml index feda680433ebf2f5dc6ce1a27af39aae9744467f..a7047eb70e3f92e64a9211e3e5f4a05da6542ed6 100644 --- a/roles/sysconfig/defaults/main.yml 
+++ b/roles/system/repository/defaults/main.yml @@ -1,30 +1,17 @@ --- # Do not configure any repository and use local repository -offline_mode: False +offline_mode: false # Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories. repos_debian_prefix: "http://" -# Value for the system locale -init_locale: "en_GB.UTF-8" - -# List of NTP servers to use on the systems -ntp_servers: - - 0.debian.pool.ntp.org - - 1.debian.pool.ntp.org - - 2.debian.pool.ntp.org - - 3.debian.pool.ntp.org - # Token used in the UbiCast debian repository URL repos_ubicast_packages_token: "XXXX-XXXX-XXXX-XXXX-XXXX" # Domain of the UbiCast debian packages repository URL repos_ubicast_packages_domain: "manager.example.com" -# Timezone to set on the servers (`timedatectl list-timezones` for the complete list) -init_timezone: "Europe/Paris" - # Domain to use for the Debian repositories repos_debian_packages_domain: "deb.debian.org" diff --git a/roles/system/repository/handlers/main.yml b/roles/system/repository/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..d9c644d11bb5489af67733e28f5c9586b6a81877 --- /dev/null +++ b/roles/system/repository/handlers/main.yml @@ -0,0 +1,10 @@ +--- + +- name: "Trigger apt update" + ansible.builtin.apt: + update_cache: true + register: apt_status + retries: 60 + until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) + +... diff --git a/roles/system/repository/tasks/base.yml b/roles/system/repository/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..4a37b91d1ab1ed250f08e0e0356fcb96f28a04eb --- /dev/null +++ b/roles/system/repository/tasks/base.yml 
@@ -0,0 +1,22 @@ +--- + +- name: "BASE CONFIGURE DEBIAN APT REPOSITORIES" + ansible.builtin.include_tasks: "base/apt_debian.yml" + when: + - offline_mode is defined and not offline_mode + - repos_debian_prefix is defined + - repos_debian_packages_domain is defined + - repos_debian_security_packages_domain is defined + +- name: "BASE CONFIGURE UBICAST APT REPOSITORIES" + ansible.builtin.include_tasks: "base/apt_ubicast.yml" + when: + - offline_mode is defined and not offline_mode + - repos_ubicast_packages_token is defined + - repos_ubicast_packages_domain is defined + +# Flush to force `apt update` with the news repositories +- name: "Flush handlers" + ansible.builtin.meta: flush_handlers + +... diff --git a/roles/sysconfig/tasks/base/apt_debian.yml b/roles/system/repository/tasks/base/apt_debian.yml similarity index 82% rename from roles/sysconfig/tasks/base/apt_debian.yml rename to roles/system/repository/tasks/base/apt_debian.yml index 9dde8847a96a7a3ef9afee405a2d679fe0eab518..fa707dbddb81ca2441ada2f1bd9736b57cedfcc6 100644 --- a/roles/sysconfig/tasks/base/apt_debian.yml +++ b/roles/system/repository/tasks/base/apt_debian.yml @@ -2,7 +2,7 @@ - name: "Add Debian packages repository" when: not offline_mode - notify: trigger apt update + notify: "Trigger apt update" ansible.builtin.deb822_repository: name: "debian" types: "deb" @@ -14,7 +14,7 @@ - name: "Add Debian security repository" when: not offline_mode - notify: trigger apt update + notify: "Trigger apt update" ansible.builtin.deb822_repository: name: "debian-security" types: "deb" @@ -23,7 +23,8 @@ components: "main" # The file is emptied and not removed, because unattended-upgrades recreates it, if it is absent -- name: "Empty non-deb822 base repository file" +- name: "Empty non-deb822 base repository file" # noqa risky-file-permissions + when: not offline_mode ansible.builtin.copy: content: "" dest: "/etc/apt/sources.list" 
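Review bot: The apt_debian.yml hunk suppresses the lint finding with `# noqa risky-file-permissions` instead of fixing it; the copy task that empties `/etc/apt/sources.list` should set the mode explicitly, e.g. `mode: "644"`, matching the other `ansible.builtin.copy` tasks in this change. Without it the resulting permissions depend on the pre-existing file and on the umask when the file is created. The copy task continues beyond the hunk.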
diff --git a/roles/sysconfig/tasks/base/apt_ubicast.yml b/roles/system/repository/tasks/base/apt_ubicast.yml similarity index 70% rename from roles/sysconfig/tasks/base/apt_ubicast.yml rename to roles/system/repository/tasks/base/apt_ubicast.yml index 4bd02050496e21c8c71f935491aa33ed9d1cf513..a84efee01c81edd88e712b8599a1f287756bc987 100644 --- a/roles/sysconfig/tasks/base/apt_ubicast.yml +++ b/roles/system/repository/tasks/base/apt_ubicast.yml @@ -1,6 +1,6 @@ --- -- name: "Prepare the {{ sysconfig_repos_keyrings_dir }} directory" +- name: "Prepare the directory - {{ sysconfig_repos_keyrings_dir }}" ansible.builtin.file: path: "{{ sysconfig_repos_keyrings_dir }}" state: directory @@ -13,7 +13,7 @@ mode: "644" - name: "Add UbiCast solutions repository" - notify: trigger apt update + notify: "Trigger apt update" ansible.builtin.deb822_repository: name: "ubicast" types: "deb" @@ -22,7 +22,7 @@ signed_by: "{{ sysconfig_repos_keyrings_dir }}/{{ repos_ubicast_packages_domain }}.asc" - name: "Add UbiCast security repository" - notify: trigger apt update + notify: "Trigger apt update" ansible.builtin.deb822_repository: name: "ubicast-security" types: "deb" @@ -30,12 +30,4 @@ suites: "packaging/apt/ubicast-security-updates/{{ repos_release }}/" signed_by: "{{ sysconfig_repos_keyrings_dir }}/{{ repos_ubicast_packages_domain }}.asc" -- name: allow automatic updates for ubicast security repo - ansible.builtin.lineinfile: - path: /etc/apt/apt.conf.d/50unattended-upgrades - insertafter: ^Unattended-Upgrade::Origins-Pattern {$ - line: ' "origin=UbiCast,label=UbiCast-Security";' - backup: true - notify: restart unattended-upgrades - ... diff --git a/roles/system/repository/tasks/install.yml b/roles/system/repository/tasks/install.yml new file mode 100644 index 0000000000000000000000000000000000000000..be920a3736d2d8c5b52b68f28fe0ce0fadcb0aff --- /dev/null +++ b/roles/system/repository/tasks/install.yml 
@@ -0,0 +1,22 @@ +--- + +- name: "Update apt cache" + ansible.builtin.apt: + update_cache: true + cache_valid_time: 86400 + changed_when: false + register: apt_status + retries: 60 + until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) + +- name: "Install repository utilities" + ansible.builtin.apt: + force_apt_get: true + install_recommends: false + name: "{{ sysconfig_repos_packages }}" + state: present + register: apt_status + retries: 60 + until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) + +... diff --git a/roles/system/repository/tasks/main.yml b/roles/system/repository/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..0bb18f240f3c721004ecd393e94877e1cdc6dd0c --- /dev/null +++ b/roles/system/repository/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +... diff --git a/roles/system/repository/vars/main.yml b/roles/system/repository/vars/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..fd66d01f22c6221161633a65b87ab0590c353e77 --- /dev/null +++ b/roles/system/repository/vars/main.yml @@ -0,0 +1,15 @@ +--- + +# Debian distribution short name (example: "bookworm") +repos_release: "{{ ansible_distribution_release }}" + +# Packages required for the group +sysconfig_repos_packages: + - python3-debian + - ca-certificates + - gnupg + +# Repository keyring path +sysconfig_repos_keyrings_dir: "/usr/local/share/keyrings" + +... 
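Review bot: The new vars/main.yml keeps the old role's `sysconfig_repos_packages` and `sysconfig_repos_keyrings_dir` names although the role is now `repository`, which is why `var-naming[no-role-prefix]` had to be skipped in the lint config. Renaming to `repository_packages` and `repository_keyrings_dir` (with the references in install.yml and base/apt_ubicast.yml) would let that rule be re-enabled. The `# Packages required for the group` comment could also say what they are for, e.g. `# Packages required to manage deb822 sources and keyrings`.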
diff --git a/roles/system/ssh/README.md b/roles/system/ssh/README.md new file mode 100644 index 0000000000000000000000000000000000000000..5fd5dc729298c3aec39186faf2cd84bf1102d568 --- /dev/null +++ b/roles/system/ssh/README.md @@ -0,0 +1,13 @@ +# Ssh +## Description + +The group handles the installation and configuration of ssh server and client + +## Role Variables + +Available variables are listed below, along with the descriptions and the default values. + +`offline_mode`: Do not configure any ubicast ssh public key (Optional) +``` +offline_mode: false +``` diff --git a/roles/system/ssh/defaults/main.yml b/roles/system/ssh/defaults/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..7c4d3a6266593463bfc2950dda0274440aab394e --- /dev/null +++ b/roles/system/ssh/defaults/main.yml @@ -0,0 +1,6 @@ +--- + +# Do not configure any ubicast ssh public key +offline_mode: false + +... diff --git a/roles/system/ssh/handlers/main.yml b/roles/system/ssh/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..358be986cc0664e0ca25a8744b6a36b863cf3066 --- /dev/null +++ b/roles/system/ssh/handlers/main.yml @@ -0,0 +1,8 @@ +--- + +- name: "Restart sshd" + ansible.builtin.service: + name: sshd + state: restarted + +... diff --git a/roles/system/ssh/tasks/base.yml b/roles/system/ssh/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..41787f4bc0485b763454588f6549a38923b6db30 --- /dev/null +++ b/roles/system/ssh/tasks/base.yml @@ -0,0 +1,9 @@ +--- + +- name: "BASE CONFIGURE SSH CLIENT" + ansible.builtin.include_tasks: "base/ssh-client.yml" + +- name: "BASE CONFIGURE SSH SERVER" + ansible.builtin.include_tasks: "base/ssh-server.yml" + +... 
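Review bot: The `"Restart sshd"` handler targets `name: sshd`, but on Debian-family systems (apt is used throughout) the unit is `ssh.service`; `sshd.service` only exists as an alias created when the unit is enabled, and it appears to be absent when the server is socket-activated, in which case the handler fails at notification time. Using `name: ssh` is the robust choice here. I could not confirm the target distribution from this chunk beyond the apt usage.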
diff --git a/roles/sysconfig/tasks/base/ssh-client.yml b/roles/system/ssh/tasks/base/ssh-client.yml similarity index 81% rename from roles/sysconfig/tasks/base/ssh-client.yml rename to roles/system/ssh/tasks/base/ssh-client.yml index 857d539fa0d943f9a403e1356224651887223534..538fd7268f886b29c576a6b036a25ebc1064b54d 100644 --- a/roles/sysconfig/tasks/base/ssh-client.yml +++ b/roles/system/ssh/tasks/base/ssh-client.yml @@ -1,6 +1,6 @@ --- -- name: generate root ssh key pair +- name: "Generate root ssh key pair" register: conf_root ansible.builtin.user: name: root diff --git a/roles/sysconfig/tasks/base/ssh-server.yml b/roles/system/ssh/tasks/base/ssh-server.yml similarity index 72% rename from roles/sysconfig/tasks/base/ssh-server.yml rename to roles/system/ssh/tasks/base/ssh-server.yml index 66467befedd4489ce3a8ac669bd0e469f5ce349e..2fadc5825d82dd140cf21fb1d87e6aa3a50edc69 100644 --- a/roles/sysconfig/tasks/base/ssh-server.yml +++ b/roles/system/ssh/tasks/base/ssh-server.yml @@ -1,24 +1,24 @@ --- -- name: verify root user ssh authorized key file +- name: "Verify root user ssh authorized key file" ansible.builtin.stat: path: /root/.ssh/authorized_keys register: auth -- name: fail if the root ssh authorized key is missing or empty +- name: "Fail if the root ssh authorized key is missing or empty" ansible.builtin.fail: msg: "Error: root user does not have any ssh key configured !\n\ Cannot configure PermitRootLogin to without-password" when: not auth.stat.exists or auth.stat.size == 0 -- name: enable root login via ssh with key only +- name: "Enable root login via ssh with key only" ansible.builtin.replace: dest: /etc/ssh/sshd_config regexp: ^#?PermitRootLogin.* replace: PermitRootLogin prohibit-password - notify: restart sshd + notify: "Restart sshd" -- name: remove disabled root login +- name: "Remove disabled root login" ansible.builtin.replace: dest: /root/.ssh/authorized_keys regexp: ^no-port-forwarding,(.+) ssh- 
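Review bot: The `"Enable root login via ssh with key only"` task edits `/etc/ssh/sshd_config` and notifies a restart without validating the result, so a malformed edit would take the daemon down on the next restart; add `validate: "/usr/sbin/sshd -t -f %s"` to the replace task. Note also that the regexp only rewrites a `PermitRootLogin` line in the main file, so a drop-in under `/etc/ssh/sshd_config.d/` setting a different value would take precedence on releases that `Include` that directory — worth a comment above the task if that is accepted. The `"Remove disabled root login"` task continues beyond the hunk.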
diff --git a/roles/system/ssh/tasks/install.yml b/roles/system/ssh/tasks/install.yml new file mode 100644 index 0000000000000000000000000000000000000000..8d1567e3123ef7dee7d4a54da0594407ab161d19 --- /dev/null +++ b/roles/system/ssh/tasks/install.yml @@ -0,0 +1,25 @@ +--- + +- name: "Install ssh packages" + ansible.builtin.apt: + force_apt_get: true + install_recommends: false + name: "{{ ssh_packages }}" + state: present + register: apt_status + retries: 60 + until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) + +- name: "Install UbiCast ssh public keys" + when: not offline_mode | d(false) + ansible.builtin.apt: + force_apt_get: true + install_recommends: false + update_cache: true + name: "{{ ssh_keys_packages }}" + state: present + register: apt_status + retries: 60 + until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) + +... diff --git a/roles/system/ssh/tasks/main.yml b/roles/system/ssh/tasks/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..0bb18f240f3c721004ecd393e94877e1cdc6dd0c --- /dev/null +++ b/roles/system/ssh/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- name: "INSTALL" + ansible.builtin.include_tasks: + file: "install.yml" + apply: + become: true + tags: + - install + tags: + - always + +- name: "BASE CONFIGURATION" + ansible.builtin.include_tasks: + file: "base.yml" + apply: + become: true + tags: + - base + tags: + - always + +... diff --git a/roles/sysuser/vars/main.yml b/roles/system/ssh/vars/main.yml similarity index 50% rename from roles/sysuser/vars/main.yml rename to roles/system/ssh/vars/main.yml index 2d2d9f887df9f82a08206c28cc2101d6d885a559..a520b263954afe0ffa8100639ce364bd9b6dabfe 100644 --- a/roles/sysuser/vars/main.yml +++ b/roles/system/ssh/vars/main.yml 
@@ -1,7 +1,12 @@ --- # Packages required for the group -users_packages: +ssh_packages: + - openssh-client + - openssh-server + +# Packages required for the group +ssh_keys_packages: - ubicast-ssh-access-manager - ubicast-ssh-access-support diff --git a/roles/system/ubicast/README.md b/roles/system/ubicast/README.md new file mode 100644 index 0000000000000000000000000000000000000000..e561dd69b6561400fd97042f9ad6bd85c3fc1f4a --- /dev/null +++ b/roles/system/ubicast/README.md @@ -0,0 +1,7 @@ +# Ubicast +## Description + +The ubicast group is a meta-group used only to group together the various dependencies required by UbiCast solutions. + + This group is only meant to be used as a meta group (see for instance meta groups section in the [standard example inventory](../../inventories/example/std/hosts) or [HA example inventory](../../inventories/example/ha/hosts)). + All system roles target this group: [repository](../repository/README.md), [postfix](../postfix/README.md), [fail2ban](../fail2ban/README.md), ... diff --git a/roles/system/unattended_upgrades/README.md b/roles/system/unattended_upgrades/README.md new file mode 100644 index 0000000000000000000000000000000000000000..2391c06907365c7cff9df234e75f14200e5fcd8d --- /dev/null +++ b/roles/system/unattended_upgrades/README.md @@ -0,0 +1,4 @@ +# Unattended_upgrades +## Description + +The group handles the installation and configuration of unattended upgrades diff --git a/roles/system/unattended_upgrades/handlers/main.yml b/roles/system/unattended_upgrades/handlers/main.yml new file mode 100644 index 0000000000000000000000000000000000000000..6ce86a6ab10ed0d6e6f5326c79e23f1e92d8fc8d --- /dev/null +++ b/roles/system/unattended_upgrades/handlers/main.yml @@ -0,0 +1,8 @@ +--- + +- name: "Restart unattended-upgrades" + ansible.builtin.service: + name: unattended-upgrades + state: restarted + +... 
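Review bot: Both lists in ssh/vars/main.yml carry the same `# Packages required for the group` comment, so the purpose of `ssh_keys_packages` is not documented. Since install.yml installs it only `when: not offline_mode | d(false)` under the name "Install UbiCast ssh public keys", the comment should say so, e.g. `# Packages shipping the UbiCast support/manager SSH public keys (skipped in offline_mode)`.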
diff --git a/roles/system/unattended_upgrades/tasks/base.yml b/roles/system/unattended_upgrades/tasks/base.yml new file mode 100644 index 0000000000000000000000000000000000000000..d1db8f952c4e99f77f3d8174ff1997516aa9764c --- /dev/null +++ b/roles/system/unattended_upgrades/tasks/base.yml @@ -0,0 +1,6 @@ +--- + +- name: "BASE CONFIGURE UNATTENDED UPGRADES" + ansible.builtin.include_tasks: "base/unattended_upgrades.yml" + +... diff --git a/roles/system/unattended_upgrades/tasks/base/unattended_upgrades.yml b/roles/system/unattended_upgrades/tasks/base/unattended_upgrades.yml new file mode 100644 index 0000000000000000000000000000000000000000..3da4b8ec4853a2e0e671650d206611b27583da69 --- /dev/null +++ b/roles/system/unattended_upgrades/tasks/base/unattended_upgrades.yml @@ -0,0 +1,26 @@ +--- + +- name: "Enable unattended upgrades" + ansible.builtin.copy: + dest: /etc/apt/apt.conf.d/20auto-upgrades + content: | + APT::Periodic::Update-Package-Lists "1"; + APT::Periodic::Unattended-Upgrade "1"; + mode: "644" + +- name: "Remove old kernel with unattended-upgrades" + ansible.builtin.replace: + dest: /etc/apt/apt.conf.d/50unattended-upgrades + regexp: ^//Unattended-Upgrade::Remove-Unused-Kernel-Packages.*$ + replace: Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; + notify: "Restart unattended-upgrades" + +- name: "Allow automatic updates for ubicast security repo" + ansible.builtin.lineinfile: + path: /etc/apt/apt.conf.d/50unattended-upgrades + insertafter: ^Unattended-Upgrade::Origins-Pattern {$ + line: ' "origin=UbiCast,label=UbiCast-Security";' + backup: true + notify: "Restart unattended-upgrades" + +... diff --git a/roles/system/unattended_upgrades/tasks/install.yml b/roles/system/unattended_upgrades/tasks/install.yml new file mode 100644 index 0000000000000000000000000000000000000000..90f8159688d977d4c05d174cde1120c98bcab69b --- /dev/null +++ b/roles/system/unattended_upgrades/tasks/install.yml 
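Review bot: In base/unattended_upgrades.yml the `lineinfile` task relies on `insertafter: ^Unattended-Upgrade::Origins-Pattern {$`; when that pattern is not found Ansible appends the line at end of file, outside any braces, leaving `50unattended-upgrades` syntactically broken and the notified restart then runs against a bad config. Adding `validate: "apt-config -c %s dump"` to this task and to the preceding `replace` task would catch that before the file is written. The `replace` regexp only matches the commented-out `//Unattended-Upgrade::Remove-Unused-Kernel-Packages` form, so an already-uncommented `"false"` is left unchanged; a comment stating that is intentional would help.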
@@ -0,0 +1,13 @@
+---
+
+- name: "Install unattended upgrades"
+  ansible.builtin.apt:
+    force_apt_get: true
+    install_recommends: false
+    name: "{{ unattended_upgrades_packages }}"
+    state: present
+  register: apt_status
+  retries: 60
+  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
+
+...
diff --git a/roles/system/unattended_upgrades/tasks/main.yml b/roles/system/unattended_upgrades/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0bb18f240f3c721004ecd393e94877e1cdc6dd0c
--- /dev/null
+++ b/roles/system/unattended_upgrades/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+
+- name: "INSTALL"
+  ansible.builtin.include_tasks:
+    file: "install.yml"
+    apply:
+      become: true
+      tags:
+        - install
+  tags:
+    - always
+
+- name: "BASE CONFIGURATION"
+  ansible.builtin.include_tasks:
+    file: "base.yml"
+    apply:
+      become: true
+      tags:
+        - base
+  tags:
+    - always
+
+...
diff --git a/roles/system/unattended_upgrades/vars/main.yml b/roles/system/unattended_upgrades/vars/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0b23d956be3f0b078c4de797adfbe639820b20da
--- /dev/null
+++ b/roles/system/unattended_upgrades/vars/main.yml
@@ -0,0 +1,7 @@
+---
+
+# Packages required for the group
+unattended_upgrades_packages:
+  - unattended-upgrades
+
+...
diff --git a/roles/sysuser/README.md b/roles/system/user/README.md
similarity index 67%
rename from roles/sysuser/README.md
rename to roles/system/user/README.md
index dce16f765f27e656ce0d19fcebd8ecc965a7b64a..7bb183110c4e2048929462e11fcb0636313c0dbb 100644
--- a/roles/sysuser/README.md
+++ b/roles/system/user/README.md
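Review bot: The `until` condition in `install.yml` dereferences `apt_status.msg` on every failed attempt, so a failure result that carries no `msg` key turns into an error inside the retry expression rather than a retry decision; use `apt_status.msg | default('')` in both membership tests. The task has `retries: 60` with no `delay`, so the intent (wait on the default 5 s delay for another process holding the apt/dpkg lock) is only implicit; a comment such as `# Retry only while another process holds the apt/dpkg lock` would make it explicit. Unlike the removed `roles/sysuser/tasks/install.yml` further down this diff, there is no `update_cache: true` here, which is fine if the repository role refreshes the index before this role runs, but that ordering is not visible here and is worth confirming.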
@@ -1,17 +1,12 @@
-# Sysuser
+# User
 ## Description
-Used by the "base" metagroup to setup the system users
+The group handles the setup the system users
 ## Role Variables
 Available variables are listed below, along with the descriptions and the default values.
-`offline_mode`: Do not configure any ubicast ssh public key (Optional)
-```
-offline_mode: False
-```
-
 `sysuser_ubicast_password`: Password for the system user ubicast
 ```
 sysuser_ubicast_password: "changeit"
diff --git a/roles/sysuser/defaults/main.yml b/roles/system/user/defaults/main.yml
similarity index 70%
rename from roles/sysuser/defaults/main.yml
rename to roles/system/user/defaults/main.yml
index 202fa54f35698bd5dafc234505ee8624b0b734db..0e0372d66ed7fe9ca0d9f4f7ac1f1e62f26a94fa 100644
--- a/roles/sysuser/defaults/main.yml
+++ b/roles/system/user/defaults/main.yml
@@ -1,8 +1,5 @@
 ---
-# Do not configure any ubicast ssh public key
-offline_mode: False
-
 # Password for the system user ubicast
 sysuser_ubicast_password: "changeit"
diff --git a/roles/sysuser/files/bashrc b/roles/system/user/files/bashrc
similarity index 100%
rename from roles/sysuser/files/bashrc
rename to roles/system/user/files/bashrc
diff --git a/roles/sysuser/files/vimrc b/roles/system/user/files/vimrc
similarity index 100%
rename from roles/sysuser/files/vimrc
rename to roles/system/user/files/vimrc
diff --git a/roles/sysuser/tasks/base.yml b/roles/system/user/tasks/base.yml
similarity index 71%
rename from roles/sysuser/tasks/base.yml
rename to roles/system/user/tasks/base.yml
index b9dcdf0cc17b2420954c00a12787d7401ef7e625..062ed594b108fd6ca9b669d088811820402d4891 100644
--- a/roles/sysuser/tasks/base.yml
+++ b/roles/system/user/tasks/base.yml
@@ -1,9 +1,9 @@
 ---
-- name: CONFIGURE SUDOERS
+- name: "CONFIGURE SUDOERS"
   ansible.builtin.include_tasks: "base/sudoers.yml"
-- name: SETUP ROOT DOTFILES
+- name: "SETUP ROOT DOTFILES"
   ansible.builtin.include_tasks: "common/dotfiles.yml"
   vars:
     user: "root"
diff --git a/roles/sysuser/tasks/base/sudoers.yml b/roles/system/user/tasks/base/sudoers.yml
similarity index 82%
rename from roles/sysuser/tasks/base/sudoers.yml
rename to roles/system/user/tasks/base/sudoers.yml
index 564d9548bc5d187c4208a424f7b110a9cf94d91f..99a4fd936e5302c3b042033f6a11dbf6a72ed33b 100644
--- a/roles/sysuser/tasks/base/sudoers.yml
+++ b/roles/system/user/tasks/base/sudoers.yml
@@ -1,6 +1,6 @@
 ---
-- name: sudoers without password
+- name: "Sudoers without password"
   ansible.builtin.copy:
     dest: /etc/sudoers.d/nopasswd
     validate: visudo -cf %s
diff --git a/roles/sysuser/tasks/common/dotfiles.yml b/roles/system/user/tasks/common/dotfiles.yml
similarity index 71%
rename from roles/sysuser/tasks/common/dotfiles.yml
rename to roles/system/user/tasks/common/dotfiles.yml
index c21230784a10a594d699604a5626cbef395ef98c..93ebd266a0a3161c64fe0b3520f64f1ba5ffd602 100644
--- a/roles/sysuser/tasks/common/dotfiles.yml
+++ b/roles/system/user/tasks/common/dotfiles.yml
@@ -1,12 +1,12 @@
 ---
-- name: "({{ user }}) copy .bashrc"
+- name: "Copy .bashrc - {{ user }}"
   ansible.builtin.copy:
     src: bashrc
     dest: ~{{ user }}/.bashrc
     mode: "644"
-- name: "({{ user }}) copy .vimrc"
+- name: "Copy .vimrc - {{ user }}"
   ansible.builtin.copy:
     src: vimrc
     dest: ~{{ user }}/.vimrc
diff --git a/roles/sysuser/tasks/configure.yml b/roles/system/user/tasks/configure.yml
similarity index 83%
rename from roles/sysuser/tasks/configure.yml
rename to roles/system/user/tasks/configure.yml
index 63f3f42502565fea478d75de196234d33add3d23..fe75c355fc08da447d15a9a19d3538d60b6fbd03 100644
--- a/roles/sysuser/tasks/configure.yml
+++ b/roles/system/user/tasks/configure.yml
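Review bot: The `copy` to `/etc/sudoers.d/nopasswd` in `base/sudoers.yml` shows `dest:` and `validate: visudo -cf %s` but the hunk ends before the task's remaining keys, so whether `owner`, `group` and `mode` are set is not visible; sudoers(5) requires fragments in `sudoers.d` to be owned by root and mode 0440 and sudo warns about or skips files that do not meet that, so if they are missing add `owner: root`, `group: root`, `mode: "0440"`. The fragment's content (the passwordless rule itself) is also outside the hunk; since `create_user.yml` later in this diff adds the created users to the `sudo` group, a comment on this task stating which group the rule applies to and why it is passwordless would let a reader judge the scope without opening the file. The hunk's own change is only the task-name quoting.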
@@ -1,13 +1,13 @@
 ---
-- name: CREATE ADMIN USER
+- name: "CREATE ADMIN USER"
   ansible.builtin.include_tasks: "configure/create_user.yml"
   vars:
     user: "admin"
   when:
     - sysuser_admin_password is defined
-- name: CREATE UBICAST USER
+- name: "CREATE UBICAST USER"
   ansible.builtin.include_tasks: "configure/create_user.yml"
   vars:
     user: "ubicast"
diff --git a/roles/sysuser/tasks/configure/create_user.yml b/roles/system/user/tasks/configure/create_user.yml
similarity index 78%
rename from roles/sysuser/tasks/configure/create_user.yml
rename to roles/system/user/tasks/configure/create_user.yml
index 66d1e5a4382bca1cc356fa1896be4e4f2d7f3cc3..f4cb1af863a45cc666f7b5d9a8fa4bbd85faf59f 100644
--- a/roles/sysuser/tasks/configure/create_user.yml
+++ b/roles/system/user/tasks/configure/create_user.yml
@@ -1,11 +1,11 @@
 ---
-- name: "({{ user }}) create user group"
+- name: "Create user group - {{ user }}"
   ansible.builtin.group:
     name: "{{ user }}"
     state: present
-- name: "({{ user }}) create user"
+- name: "Create user - {{ user }}"
   ansible.builtin.user:
     name: "{{ user }}"
     group: "{{ user }}"
@@ -18,13 +18,13 @@
       - sudo
     state: present
-- name: "({{ user }}) set password"
+- name: "Set password - {{ user }}"
   ansible.builtin.user:
     name: "{{ user }}"
     password: "{{ lookup('vars', 'sysuser_' + user + '_password') | password_hash('sha512', 'ubicastsalt') }}"
     update_password: always
-- name: "SETUP {{ user | upper }} DOTFILES"
+- name: "SETUP DOTFILES - {{ user | upper }}"
   ansible.builtin.include_tasks: "../common/dotfiles.yml"
 ...
diff --git a/roles/system/user/tasks/main.yml b/roles/system/user/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..206d1a7bc8b522b034f3ff54e917f9a097eb6fe1
--- /dev/null
+++ b/roles/system/user/tasks/main.yml
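Review bot: The `password_hash('sha512', 'ubicastsalt')` on the new side of the second `create_user.yml` hunk uses one fixed salt for every host and every user, so any two accounts given the same password end up with identical hashes in `/etc/shadow`, which defeats the purpose of salting; the line is unchanged by this commit but the role reorganisation is a good moment to fix it. A per-host but stable salt keeps the task idempotent under `update_password: always`; the form documented in Ansible's guide on hashing passwords is `password_hash('sha512', 65534 | random(seed=inventory_hostname) | string)` (extend the seed with `user` if `admin` and `ubicast` on one host should not share a salt either). Since `defaults/main.yml` earlier in this diff ships `sysuser_ubicast_password: "changeit"`, hosts where that variable is not overridden all get the same default credential; a comment on this task such as `# sysuser_<user>_password must be overridden per deployment; the default is a placeholder` would make that expectation explicit.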
@@ -0,0 +1,23 @@
+---
+
+- name: "BASE CONFIGURATION"
+  ansible.builtin.include_tasks:
+    file: "base.yml"
+    apply:
+      become: true
+      tags:
+        - base
+  tags:
+    - always
+
+- name: "CONFIGURE"
+  ansible.builtin.include_tasks:
+    file: "configure.yml"
+    apply:
+      become: true
+      tags:
+        - configure
+  tags:
+    - always
+
+...
diff --git a/roles/sysuser/tasks/install.yml b/roles/sysuser/tasks/install.yml
deleted file mode 100644
index e5733c6dc77dd975d38e07879c6094784b4a7a83..0000000000000000000000000000000000000000
--- a/roles/sysuser/tasks/install.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-
-- name: install ubicast ssh access
-  when: not offline_mode | d(false)
-  ansible.builtin.apt:
-    force_apt_get: true
-    install_recommends: false
-    update_cache: true
-    name: "{{ users_packages }}"
-    state: present
-  register: apt_status
-  retries: 60
-  until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg)
-
-...
diff --git a/roles/sysuser/tasks/main.yml b/roles/sysuser/tasks/main.yml
deleted file mode 100644
index 21ffa13e2e09ad71a2c7b4debadf373c8dab60cf..0000000000000000000000000000000000000000
--- a/roles/sysuser/tasks/main.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-
-- name: INSTALL
-  ansible.builtin.include_tasks:
-    file: "install.yml"
-    apply:
-      become: true
-      tags:
-        - install
-  tags:
-    - always
-
-- name: BASE CONFIGURATION
-  ansible.builtin.include_tasks:
-    file: "base.yml"
-    apply:
-      become: true
-      tags:
-        - base
-  tags:
-    - always
-
-- name: CONFIGURE
-  ansible.builtin.include_tasks:
-    file: "configure.yml"
-    apply:
-      become: true
-      tags:
-        - configure
-  tags:
-    - always
-
-...
diff --git a/roles/tester/tasks/configure/tester-configure.yml b/roles/tester/tasks/configure/tester-configure.yml
deleted file mode 100644
index 77d2a1fbf5f174f800658d5990dff37916cdb993..0000000000000000000000000000000000000000
--- a/roles/tester/tasks/configure/tester-configure.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-
-- name: tester configuration
-  ansible.builtin.replace:
-    path: /etc/ubicast-tester/config.yml
-    regexp: '^(\s*)#?{{ item.name }}:(\s*).*$'
-    replace: '\1{{ item.name }}:\2{{ item.value }}'
-  loop:
-    - { name: 'name', value: '"{{ tester_system_name }}"' } # noqa: yaml[commas]
-    - { name: 'token', value: '"{{ repos_ubicast_packages_token }}"' } # noqa: yaml[commas]
-    - { name: 'from', value: '"{{ tester_email_from }}"' } # noqa: yaml[commas]
-    - { name: 'to', value: '"{{ tester_email_to }}"' } # noqa: yaml[commas]
-    - { name: 'admin', value: '"{{ tester_email_admin }}"' } # noqa: yaml[commas]
-    - { name: 'ignored', value: '{{ tester_tests_ignored }}' }
-
-...
diff --git a/roles/tester/tasks/main.yml b/roles/tester/tasks/main.yml
deleted file mode 100644
index 4ca9b1ce59bf99a101c275a40afab2c0fc69e94a..0000000000000000000000000000000000000000
--- a/roles/tester/tasks/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-- name: INSTALL
-  ansible.builtin.include_tasks:
-    file: "install.yml"
-    apply:
-      become: true
-      tags:
-        - install
-  tags:
-    - always
-
-- name: CONFIGURE
-  ansible.builtin.include_tasks:
-    file: "configure.yml"
-    apply:
-      become: true
-      tags:
-        - configure
-  tags:
-    - always
-
-...