Merge branch 't38020-debian-12' into 'main'

Debian 12 support, Refs #38020

See merge request sys/ansible-public!50

inventories/example/std/group_vars/ferm-install.yml

+---
+
+# Input policy for the ferm firewall
+#ferm_input_policy: "DROP"
+
+# Activates the logs for input packets
+#ferm_input_log: False
+
+# Prefix for the input packets log lines
+#ferm_input_log_prefix: "{{ ferm_input_policy }} INPUT "
+
+# Output policy for the ferm firewall
+#ferm_output_policy: "ACCEPT"
+
+# Activates the logs for output packets
+#ferm_output_log: False
+
+# Prefix for the output packets log lines
+#ferm_output_log_prefix: "{{ ferm_output_policy }} OUTPUT "
+
+# Forward policy for the ferm firewall
+#ferm_forward_policy: "DROP"
+
+# Activates the logs for forward packets
+#ferm_forward_log: False
+
+# Prefix for the forward packets log lines
+#ferm_forward_log_prefix: "{{ ferm_forward_policy }} FORWARD "
+
+...

inventories/example/std/group_vars/live.yml

+---
+
+# Define if the deployment is an HA architecture (i.e. live domain is not handle by nudgis frontend server)
+live_ha: False
+
+...

inventories/example/std/group_vars/mediaserver.yml

+---
+
+# Defines the address for the Nudgis Front emails sender
+#nudgis_front_email_from: "noreply@{{ nudgis_front_domain }}"
+
+# Defines the default deployed Nudgis portal "ubicast" user password
+nudgis_front_user_ubicast_password: "my-password"
+
+# Defines the default deployed Nudgis portal "admin" user password
+nudgis_front_user_admin_password: "my-password"
+
+# Domain to reach PostgreSQL database
+nudgis_front_database_domain: "127.0.0.1"
+
+# Port to reach PostgreSQL database
+nudgis_front_database_port: "5432"
+
+# Port to connect to PostgreSQL database with superuser rights
+nudgis_front_database_password: "my-password"
+
+# Directory to store nudgis portal
+#ndugis_front_instances_dir: "/data"
+
+...

inventories/example/std/group_vars/mediaworker.yml

+---
+
+# IP or domain on which the celerity server service can be joined
+celerity_server_domain: "{{ hostvars[groups['celerity'][0]]['ansible_default_ipv4']['address'] }}"
+
+# Secret key shared between celerity server and workers for communications (should be the same everywhere for communication)
+celerity_signing_key: "my-signing-key"
+
+...

inventories/example/std/group_vars/mirismanager.yml

+---
+
+# Defines the default address for the Nudgis Manager emails sender
+#manager_email_from: "noreply@{{ manager_domain }}"
+
+# Domain to reach PostgreSQL database
+manager_database_domain: "127.0.0.1"
+
+# Port to reach PostgreSQL database
+manager_database_port: "5432"
+
+# Port to connect to PostgreSQL database with superuser rights
+manager_database_password: "my-password"
+
+# Application ubicast user password
+manager_user_ubicast_password: "my-password"
+
+# Application admin user password
+manager_user_admin_password: "my-password"
+
+...

inventories/example/std/group_vars/msmonitor.yml

+---
+
+# Defines the default domain for monitor
+monitor_domain: "monitor.ubica.st"
+
+# Password for the webmonitor ubicast user
+monitor_user_ubicast_password: "my-password"
+
+# Password for the webmonitor admin user
+monitor_user_admin_password: "my-password"
+
+...

inventories/example/std/group_vars/netcapture.yml

+---
+
+# URL of the mirismanager to use for packages
+netcapture_mm_url: "manager.ubica.st"
+
+...

inventories/example/std/group_vars/postgres.yml

+---
+
+# PostgreSQL user/host connection file
+#database_host_authentification:
+#  - method: peer
+#    type: local
+#  - address: 127.0.0.1/32
+#    type: hostssl
+#  - address: ::1/128
+#    type: hostssl
+#  - database: replication
+#    method: peer
+#    type: local
+#  - address: 127.0.0.1/32
+#    database: replication
+#    type: hostssl
+#  - address: ::1/128
+#    database: replication
+#    type: hostssl
+
+# PostgreSQL configuration key/values
+#database_conf:
+#  - content: ''
+#    name: main
+
+# Dictionnary of extra databases to deploy (with `name` and `owner` keys)
+#database_databases: []
+
+# Password for the postgres admin account
+database_password: "my-password"
+
+# Dictionnary of extra PostgreSQL users to deploy (with `name`, `password`, `db`, `priv` and `roles` keys)
+#database_users: []
+
+# [HA only] Conninfo parameter populated in the repmgr configuration file
+#repmgr_conninfo: "host={{ ansible_default_ipv4.address }} dbname={{ repmgr_database }} user={{ repmgr_user }} connect_timeout={{ repmgr_timeout }}"
+
+# [HA only] Name of the repmgr database
+#repmgr_database: "repmgr"
+
+# [HA only] Password of the repmgr DB user
+#repmgr_password: ""
+
+# [HA only] Listening port for rephacheck
+#repmgr_repha_port: 8543
+
+# [HA only] List of roles for the repmgr user PostgreSQL pg_hba configuration
+#repmgr_roles: "LOGIN,REPLICATION,SUPERUSER"
+
+# [HA only] Timeout value for the repmgr connections
+#repmgr_timeout: 5
+
+# [HA only] Username of the repmgr DB user
+#repmgr_user: "repmgr"
+
+...

inventories/example/std/group_vars/sysconfig.yml

+---
+
+# Debian distribution short name (example: "bullseye")
+#repos_release: "{{ ansible_distribution_release }}"
+
+# Value for the system locale
+init_locale: "en_GB.UTF-8"
+
+# Timezone to set on the servers (`timedatectl list-timezones` for the complete list)
+#init_timezone: "Europe/Paris"
+
+# Domain to use for the Debian repositories
+#repos_debian_packages_domain: "deb.debian.org"
+
+# Domain to use for the Debian security repositories
+#repos_debian_security_packages_domain: "security.debian.org"
+
+...

inventories/example/std/group_vars/tester.yml

+---
+
+# UbiCast admin reciever of the email report for premiums
+tester_email_admin: "my-email@domain.com"
+
+# Reciever of the email report
+tester_email_to: "noreply@domain.com"
+
+...

inventories/example/std/host_vars/std-misc1.yml

+---
+
+# tester:
+#   Name of the system in the reports
+#tester_system_name: "{{ inventory_hostname }}"
+
+# tester:
+#   Sender of the email report
+#tester_email_from: "ubicast.tester"
+
+# tester:
+#   List of tests to ignore when executing the ubicast-tester
+tester_tests_ignored:
+  - uptime.sh
+
+# postfix:
+#   Define the specified email address for the unix root account (in /etc/aliases)
+postfix_admin: "admin@domain.com"
+
+# postfix:
+#   Default sender domain, used to complete both postfix configuration and the /etc/mailname content
+postfix_mailname: "ubica.st"
+
+# postfix:
+#   Email address used by postfix to send emails
+postfix_email_from: "noreply@domain.com"
+
+# postfix:
+#   SMTP host for the SASL account
+#postfix_relay_host: ""
+
+# postfix:
+#   User of the SMTP SASL account
+#postfix_relay_pass: ""
+
+# postfix:
+#   Password of the SMTP SASL account
+#postfix_relay_user: ""
+
+# mediacache:
+#   URL of the Nudgis Cache vhost
+cache_domain: "cache.ubica.st"
+
+# mediacache:
+#   Path of the folder to cache the VOD service data
+#cache_vod_folder: "/var/cache/nginx/mediacache-vod"
+
+# mediacache:
+#   Max size allowed for the VOD service data
+#cache_vod_size: "1"
+
+# mediacache:
+#   Path of the folder to cache the Live service data
+#cache_live_folder: "/var/cache/nginx/mediacache-live"
+
+# mediacache:
+#   Max size allowed for the Live service data
+#cache_live_size: "1"
+
+# netcapture:
+#   Password of the deployed netcapture miris API
+netcapture_miris_user_pwd: "my-password"
+
+# netcapture:
+#   Folder used to store the packages
+#netcapture_pkg_folder: "/data/netcapture/packages"
+
+# netcapture:
+#   Folder used to store the configurations
+#netcapture_conf_folder: "/etc/miris/conf"
+
+# netcapture:
+#   Folder used to store the medias
+#netcapture_media_folder: "/data/netcapture/media"
+
+# netcapture:
+#   Activates the SSL verification when calling the Nudgis Manager
+#netcapture_mm_ssl: True
+
+# netcapture:
+#   Activates the authentication for the deployed netcapture miris API
+#netcapture_miris_auth: True
+
+# sysuser:
+#   Do not configure any ubicast ssh public key
+# sysconfig:
+#   Do not configure any repository and use local repository
+#offline_mode: False
+
+# sysuser:
+#   Password for the system user ubicast
+sysuser_ubicast_password: "my-password"
+
+# sysuser:
+#   Password for the system user admin
+sysuser_admin_password: "my-password"
+
+# nginx:
+#   Path of the SSL certificate for nginx configuration
+#nginx_ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+
+# nginx:
+#   Path of the SSL key for nginx configuration
+#nginx_ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
+
+# nginx:
+#   IPv4 address of the reverse-proxy or loadbalancer above the server(s)
+#nginx_real_ip_from: ""
+
+# sysconfig:
+#   Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
+#repos_debian_prefix: "http://"
+
+# sysconfig:
+#   List of NTP servers to use on the systems
+ntp_servers:
+  - 0.debian.pool.ntp.org
+  - 1.debian.pool.ntp.org
+
+# sysconfig:
+#   Token used in the UbiCast debian repository URL
+repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
+
+# sysconfig:
+#   Domain of the UbiCast debian packages repository URL
+repos_ubicast_packages_domain: "manager.ubica.st"
+
+# ferm-configure:
+#   Global settings to be put in ferm.d directory
+#ferm_global_settings: |
+
+
+# ferm-configure:
+#   List of input rules for the ferm firewall
+#ferm_input_rules: []
+
+# ferm-configure:
+#   List of output rules for the ferm firewall
+#ferm_output_rules: []
+
+# ferm-configure:
+#   Filename into which rules will be written
+#ferm_rules_filename: "default"
+
+# ferm-configure:
+#   List of forward rules for the ferm firewall
+#ferm_forward_rules: []
+
+...

inventories/example/std/host_vars/std-ms1.yml

+---
+
+# tester:
+#   Name of the system in the reports
+#tester_system_name: "{{ inventory_hostname }}"
+
+# tester:
+#   Sender of the email report
+#tester_email_from: "ubicast.tester"
+
+# tester:
+#   List of tests to ignore when executing the ubicast-tester
+tester_tests_ignored:
+  - uptime.sh
+
+# postfix:
+#   Define the specified email address for the unix root account (in /etc/aliases)
+postfix_admin: "admin@domain.com"
+
+# postfix:
+#   Default sender domain, used to complete both postfix configuration and the /etc/mailname content
+postfix_mailname: "ubica.st"
+
+# postfix:
+#   Email address used by postfix to send emails
+postfix_email_from: "noreply@domain.com"
+
+# postfix:
+#   SMTP host for the SASL account
+#postfix_relay_host: ""
+
+# postfix:
+#   User of the SMTP SASL account
+#postfix_relay_pass: ""
+
+# postfix:
+#   Password of the SMTP SASL account
+#postfix_relay_user: ""
+
+# postgres:
+#   [HA only] Define database role on this host. Possible values: primary, standby or witness
+#database_role: ""
+
+# live:
+#   Size of the tmpfs storing the live chunks (unit g or m and only if distinct live server(s) from MediaServer)
+#live_tmpfs_size: "2048m"
+
+# sysuser:
+#   Do not configure any ubicast ssh public key
+# sysconfig:
+#   Do not configure any repository and use local repository
+#offline_mode: False
+
+# sysuser:
+#   Password for the system user ubicast
+sysuser_ubicast_password: "my-password"
+
+# sysuser:
+#   Password for the system user admin
+sysuser_admin_password: "my-password"
+
+# mirismanager:
+#   Mandatory proxy to use in apt-cacher-ng
+#http_proxy: ""
+
+# nginx:
+#   Path of the SSL certificate for nginx configuration
+#nginx_ssl_certificate: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+
+# nginx:
+#   Path of the SSL key for nginx configuration
+#nginx_ssl_certificate_key: "/etc/ssl/private/ssl-cert-snakeoil.key"
+
+# nginx:
+#   IPv4 address of the reverse-proxy or loadbalancer above the server(s)
+#nginx_real_ip_from: ""
+
+# sysconfig:
+#   Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
+#repos_debian_prefix: "http://"
+
+# sysconfig:
+#   List of NTP servers to use on the systems
+ntp_servers:
+  - 0.debian.pool.ntp.org
+  - 1.debian.pool.ntp.org
+
+# sysconfig:
+#   Token used in the UbiCast debian repository URL
+repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
+
+# sysconfig:
+#   Domain of the UbiCast debian packages repository URL
+repos_ubicast_packages_domain: "manager.ubica.st"
+
+# ferm-configure:
+#   Global settings to be put in ferm.d directory
+#ferm_global_settings: |
+
+
+# ferm-configure:
+#   List of input rules for the ferm firewall
+#ferm_input_rules: []
+
+# ferm-configure:
+#   List of output rules for the ferm firewall
+#ferm_output_rules: []
+
+# ferm-configure:
+#   Filename into which rules will be written
+#ferm_rules_filename: "default"
+
+# ferm-configure:
+#   List of forward rules for the ferm firewall
+#ferm_forward_rules: []
+
+...

inventories/example/std/host_vars/std-mw1.yml

+---
+
+# tester:
+#   Name of the system in the reports
+#tester_system_name: "{{ inventory_hostname }}"
+
+# tester:
+#   Sender of the email report
+#tester_email_from: "ubicast.tester"
+
+# tester:
+#   List of tests to ignore when executing the ubicast-tester
+tester_tests_ignored:
+  - uptime.sh
+
+# postfix:
+#   Define the specified email address for the unix root account (in /etc/aliases)
+postfix_admin: "admin@domain.com"
+
+# postfix:
+#   Default sender domain, used to complete both postfix configuration and the /etc/mailname content
+postfix_mailname: "ubica.st"
+
+# postfix:
+#   Email address used by postfix to send emails
+postfix_email_from: "noreply@domain.com"
+
+# postfix:
+#   SMTP host for the SASL account
+#postfix_relay_host: ""
+
+# postfix:
+#   User of the SMTP SASL account
+#postfix_relay_pass: ""
+
+# postfix:
+#   Password of the SMTP SASL account
+#postfix_relay_user: ""
+
+# sysuser:
+#   Do not configure any ubicast ssh public key
+# sysconfig:
+#   Do not configure any repository and use local repository
+#offline_mode: False
+
+# sysuser:
+#   Password for the system user ubicast
+sysuser_ubicast_password: "my-password"
+
+# sysuser:
+#   Password for the system user admin
+sysuser_admin_password: "my-password"
+
+# sysconfig:
+#   Prefix of the debian repositories, with the protocol (example: "http://"). Used when the apt-cacher-ng of the Nudgis Manager proxifies the debian repositories.
+#repos_debian_prefix: "http://"
+
+# sysconfig:
+#   List of NTP servers to use on the systems
+ntp_servers:
+  - 0.debian.pool.ntp.org
+  - 1.debian.pool.ntp.org
+
+# sysconfig:
+#   Token used in the UbiCast debian repository URL
+repos_ubicast_packages_token: "UBICAST-APT-TOKEN"
+
+# sysconfig:
+#   Domain of the UbiCast debian packages repository URL
+repos_ubicast_packages_domain: "manager.ubica.st"
+
+# ferm-configure:
+#   Global settings to be put in ferm.d directory
+#ferm_global_settings: |
+
+
+# ferm-configure:
+#   List of input rules for the ferm firewall
+#ferm_input_rules: []
+
+# ferm-configure:
+#   List of output rules for the ferm firewall
+#ferm_output_rules: []
+
+# ferm-configure:
+#   Filename into which rules will be written
+#ferm_rules_filename: "default"
+
+# ferm-configure:
+#   List of forward rules for the ferm firewall
+#ferm_forward_rules: []
+
+...

inventories/example/std/hosts

+; -- Hosts --
+
+std-ms1
+std-mw1
+std-misc1
+
+; -- Groups --
+
+[celerity]
+std-ms1
+
+[mediaserver]
+std-ms1
+
+[postgres]
+std-ms1
+
+[live]
+std-ms1
+
+[mirismanager]
+std-ms1
+
+[mediaworker]
+std-mw1
+
+[mediacache]
+std-misc1
+
+[netcapture]
+std-misc1
+
+; -- Meta groups (do not edit) --
+
+[munin_server:children]
+mediaserver
+
+[msmonitor:children]
+munin_server
+
+[munin_node:children]
+celerity
+live
+mediacache
+mediaserver
+mediaworker
+mirismanager
+msmonitor
+postgres
+
+[tester:children]
+celerity
+live
+mediacache
+mediaserver
+mediaworker
+mirismanager
+msmonitor
+postgres

inventories/local-full/host_vars/localhost.dist.yml

----
-# customer name
-customer_short_name: customer
-
-# enable letsencrypt certificate
-letsencrypt_enabled: false
-
-# auto update conf.sh
-conf_update: false
-
-# activation keys
-skyreach_system_key:
-skyreach_activation_key:

inventories/local-full/hosts

-localhost ansible_connection=local
-
-[postgres]
-localhost
-
-[mirismanager]
-localhost
-
-[mediaserver]
-localhost
-
-[live]
-localhost
-
-[celerity]
-localhost
-
-[mediaworker]
-localhost
-
-[mediaimport]
-localhost
-
-[msmonitor]
-localhost
-
-[munin_server]
-localhost
-
-[munin_node]
-localhost
-
-; vim:ft=dosini

inventories/local-mediaimport/host_vars/localhost.dist.yml

----
-# activation keys
-skyreach_system_key:
-skyreach_activation_key:

inventories/local-mediaimport/hosts

-localhost ansible_connection=local
-
-[mediaimport]
-localhost
-
-; vim:ft=dosini

inventories/local-mediaserver/host_vars/localhost.dist.yml

----
-# customer name
-customer_short_name: customer
-
-# enable letsencrypt certificate
-letsencrypt_enabled: false
-
-# auto update conf.sh
-conf_update: false
-
-# activation keys
-skyreach_system_key:
-skyreach_activation_key:

inventories/local-mediaserver/hosts

-localhost ansible_connection=local
-
-[postgres]
-localhost
-
-[mirismanager]
-localhost
-
-[mediaserver]
-localhost
-
-[live]
-localhost
-
-[celerity]
-localhost
-
-[mediaimport]
-localhost
-
-[msmonitor]
-localhost
-
-[munin_server]
-localhost
-
-[munin_node]
-localhost
-
-; vim:ft=dosini