Amélioration du déploiement via Ansible

2020-03-21 14:13:43 +01:00
parent 8342918591
commit a52a234214
20 changed files with 1025 additions and 61 deletions
--- a/deploiement/sources/zone_interne/ct_interne.yml
+++ b/deploiement/sources/zone_interne/ct_interne.yml
@@ -0,0 +1,253 @@
+# Zone Interne
+# LDAP Master (CT108) : 10.0.2.1 | 10.1.0.108
+# Mail Backend (CT109) : 10.0.2.10 | 10.1.0.109
+# LDAP WebUI (CT110) : 10.0.2.15 | 10.1.0.110
+# NextCloud (CT111) : 10.0.2.20 | 10.1.0.111
+# Gitea (CT112) : 10.0.2.21 | 10.1.0.112
+# Gateway 10.0.2.0/24 -> 10.0.2.254
+# Gateway 10.1.0.0/24 -> 10.1.0.254
+
+# Créer les conteneurs, les mets à jours, configure les mises à jours de sécurité automatique,
+# installe des paquets utile et ceux des services, met en place ferm via notre template.
+
+
+- hosts: localhost
+  connection: local
+  gather_facts: no
+  tasks:
+    - include_vars: /root/src/source_pve.yml
+    - include_vars: /root/src/password_interne.yml
+
+    - name: Create LXC for LDAP Master (CT108)
+      proxmox:
+        api_user: root@pam
+        api_password: "{{ pass_pve }}"
+        api_host: '10.1.0.4'
+        node: alpha
+        cpus: 1
+        cores: 2
+        memory: 2048
+        disk: 16
+        swap: 1024
+        storage: local-zfs
+        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
+        password: "{{ pass_ldap_master }}"
+        hostname: LDAPMaster
+        vmid: 108
+        onboot: yes
+        unprivileged: yes
+        nameserver: '10.0.2.253'
+        netif: '{"net0":"name=eth0,ip=10.0.2.1/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.108/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
+        pubkey: "{{ ssh_pub }}"
+        state: present
+
+    - name: Create LXC for Mail Backend (CT109)
+      proxmox:
+        api_user: root@pam
+        api_password: "{{ pass_pve }}"
+        api_host: '10.1.0.4'
+        node: alpha
+        cpus: 1
+        cores: 2
+        memory: 2048
+        disk: 64
+        swap: 1024
+        storage: local-zfs
+        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
+        password: "{{ pass_mailback }}"
+        hostname: MailBackend
+        vmid: 109
+        onboot: yes
+        unprivileged: yes
+        nameserver: '10.0.2.253'
+        netif: '{"net0":"name=eth0,ip=10.0.2.10/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.109/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
+        pubkey: "{{ ssh_pub }}"
+        state: present
+
+    - name: Create LXC for LDAP Web UI (CT110)
+      proxmox:
+        api_user: root@pam
+        api_password: "{{ pass_pve }}"
+        api_host: '10.1.0.4'
+        node: alpha
+        cpus: 1
+        cores: 2
+        memory: 1024
+        disk: 16
+        swap: 1024
+        storage: local-zfs
+        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
+        password: "{{ pass_ldap_webui }}"
+        hostname: LDAPUI
+        vmid: 110
+        onboot: yes
+        unprivileged: yes
+        nameserver: '10.0.2.253'
+        netif: '{"net0":"name=eth0,ip=10.0.2.15/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.110/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
+        pubkey: "{{ ssh_pub }}"
+        state: present
+
+    - name: Create LXC for NextCloud (CT110)
+      proxmox:
+        api_user: root@pam
+        api_password: "{{ pass_pve }}"
+        api_host: '10.1.0.4'
+        node: alpha
+        cpus: 1
+        cores: 2
+        memory: 2048
+        disk: 16
+        swap: 1024
+        storage: local-zfs
+        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
+        password: "{{ pass_nextcloud }}"
+        hostname: NextCloud
+        vmid: 111
+        onboot: yes
+        unprivileged: yes
+        nameserver: '10.0.2.253'
+        netif: '{"net0":"name=eth0,ip=10.0.2.20/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.111/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
+        pubkey: "{{ ssh_pub }}"
+        state: present
+
+    - name: Create LXC for Gitea (CT111)
+      proxmox:
+        api_user: root@pam
+        api_password: "{{ pass_pve }}"
+        api_host: '10.1.0.4'
+        node: alpha
+        cpus: 1
+        cores: 2
+        memory: 2048
+        disk: 16
+        swap: 1024
+        storage: local-zfs
+        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
+        password: "{{ pass_gitea }}"
+        hostname: Gitea
+        vmid: 112
+        onboot: yes
+        unprivileged: yes
+        nameserver: '10.0.2.253'
+        netif: '{"net0":"name=eth0,ip=10.0.2.21/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net1":"name=eth1,ip=10.1.0.112/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
+        pubkey: "{{ ssh_pub }}"
+        state: present
+
+
+    - name: Start Interne container
+      proxmox:
+        api_user: root@pam
+        api_password: "{{ pass_pve }}"
+        api_host: '10.1.0.4'
+        vmid: "{{ item }}"
+        state: started
+      with_items:
+        - '108'
+        - '109'
+        - '110'
+        - '111'
+        - '112'
+
+- hosts: zoneinterne
+  tasks:
+    - name: Set timezone for Interne
+      timezone:
+        name: Europe/Paris
+
+    - name: APT configuration for Interne
+      copy:
+        dest: "/etc/apt/apt.conf.d/01proxy"
+        content: |
+          Acquire::http {
+           Proxy "http://10.0.2.252:9999";
+          };
+
+    - name: WGET configuration for Interne
+      copy:
+        dest: "/root/.wgetrc"
+        content: |
+          http_proxy = http://10.0.2.252:3128/
+          https_proxy = http://10.0.2.252:3128/
+          use_proxy = on
+
+    - name: Apt Update for Interne
+      apt:
+        update_cache: yes
+
+    - name: Apt Upgrade for Interne
+      apt:
+        upgrade: dist
+
+    - name: Install utils for Interne
+      apt:
+        pkg:
+        - vim
+        - net-tools
+        - nmap
+        - dnsutils
+        - ferm
+        - unattended-upgrades
+        - apt-listchanges
+        - wget
+        - curl
+        - git
+
+    - name: Unattended-Upgrades Activation for Interne
+      shell: |
+        echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections
+        dpkg-reconfigure -f noninteractive unattended-upgrades
+        echo 'Unattended-Upgrade::Mail "root";' >> /etc/apt/apt.conf.d/50unattended-upgrades
+
+- hosts: ldap
+  tasks:
+    - name: Install requirement for LDAP
+      apt:
+        pkg:
+        - slapd
+        - ldap-utils
+        - gnutls-bin
+        - ssl-cert
+
+    - name: Copy ferm configuration for LDAP
+      copy:
+        src: /root/src/ferm/ldap_ferm.conf
+        dest: /etc/ferm/ferm.conf
+        owner: root
+        group: root
+        mode: '0640'
+
+    - name: Restart ferm for LDAP
+      systemd:
+        name: "ferm"
+        state: restarted
+
+
+- hosts: webinterface
+  tasks:
+    - name: Copy ferm configuration for Web
+      copy:
+        src: /root/src/ferm/webinterface_ferm.conf
+        dest: /etc/ferm/ferm.conf
+        owner: root
+        group: root
+        mode: '0640'
+
+    - name: Restart ferm for Web
+      systemd:
+        name: "ferm"
+        state: restarted
+
+- hosts: mail
+  tasks:
+    - name: Copy ferm configuration for Mail
+      copy:
+        src: /root/src/ferm/mail_ferm.conf
+        dest: /etc/ferm/ferm.conf
+        owner: root
+        group: root
+        mode: '0640'
+
+    - name: Restart ferm for Mail
+      systemd:
+        name: "ferm"
+        state: restarted