web_logs: Refactor role completely
This commit is contained in:
parent
b6131534f6
commit
d0d9f3430a
4 changed files with 8 additions and 76 deletions
|
|
@ -1,3 +0,0 @@
|
||||||
---
|
|
||||||
dependencies:
|
|
||||||
- {role: ssh_known_hosts}
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
- name: Create logsync group
|
- name: Create logsync group
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: logsync
|
name: logsync
|
||||||
|
gid: 312
|
||||||
system: true
|
system: true
|
||||||
|
|
||||||
- name: Create logsync user
|
- name: Create logsync user
|
||||||
|
|
@ -11,72 +12,15 @@
|
||||||
createhome: false
|
createhome: false
|
||||||
group: logsync
|
group: logsync
|
||||||
home: /var/empty
|
home: /var/empty
|
||||||
shell: /sbin/nologin
|
shell: /bin/sh
|
||||||
system: true
|
system: true
|
||||||
|
uid: 312
|
||||||
|
|
||||||
- name: Create logsync ssh key directory
|
- name: Include rclone role
|
||||||
ansible.builtin.file:
|
ansible.builtin.include_role:
|
||||||
path: /etc/ssh/logsync
|
|
||||||
state: directory
|
|
||||||
mode: "0750"
|
|
||||||
owner: root
|
|
||||||
group: logsync
|
|
||||||
|
|
||||||
- name: Create logsync ssh keys
|
|
||||||
ansible.builtin.command:
|
|
||||||
argv:
|
|
||||||
- ssh-keygen
|
|
||||||
- -t
|
|
||||||
- ed25519
|
|
||||||
- -C
|
|
||||||
- "logsync@{{ inventory_hostname }}"
|
|
||||||
- -N
|
|
||||||
- ""
|
|
||||||
- -f
|
|
||||||
- /etc/ssh/logsync/id_ed25519
|
|
||||||
creates: /etc/ssh/logsync/id_ed25519
|
|
||||||
|
|
||||||
- name: Fix logsync ssh key permissions
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
owner: root
|
|
||||||
group: logsync
|
|
||||||
mode: "0640"
|
|
||||||
with_items:
|
|
||||||
- /etc/ssh/logsync/id_ed25519
|
|
||||||
- /etc/ssh/logsync/id_ed25519.pub
|
|
||||||
|
|
||||||
- name: Import rclone role
|
|
||||||
ansible.builtin.import_role:
|
|
||||||
name: rclone
|
name: rclone
|
||||||
vars:
|
vars:
|
||||||
local_user: logsync
|
rclone_hostgroup: proxy
|
||||||
remote_user: logsync
|
rclone_service: logsync
|
||||||
hostgroup: webservers
|
|
||||||
destination: /var/cache/sync-http-logs
|
|
||||||
private_key: /etc/ssh/logsync/id_ed25519
|
|
||||||
|
|
||||||
- name: Create cache directory
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /var/cache/sync-http-logs
|
|
||||||
state: directory
|
|
||||||
mode: "0750"
|
|
||||||
owner: logsync
|
|
||||||
group: logsync
|
|
||||||
|
|
||||||
- name: Create log directory
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /export/web-log
|
|
||||||
state: directory
|
|
||||||
mode: "0750"
|
|
||||||
owner: root
|
|
||||||
group: "{{ ansible_wheel }}"
|
|
||||||
|
|
||||||
- name: Link data directory
|
|
||||||
ansible.builtin.file:
|
|
||||||
dest: /srv/web-log
|
|
||||||
src: /export/web-log
|
|
||||||
state: link
|
|
||||||
owner: root
|
|
||||||
group: "{{ ansible_wheel }}"
|
|
||||||
follow: false
|
|
||||||
|
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
{% for host in groups['webservers'] %}
|
|
||||||
|
|
||||||
[{{ host.split('.')[0] }}]
|
|
||||||
type = sftp
|
|
||||||
host = {{ host }}
|
|
||||||
user = logsync
|
|
||||||
key_file = ~/.ssh/id_ed25519
|
|
||||||
known_hosts_file = /etc/ssh/ssh_known_hosts
|
|
||||||
{% endfor %}
|
|
||||||
1
users.md
1
users.md
|
|
@ -17,3 +17,4 @@ entry empty. If only a group is created, leave the user entry empty.
|
||||||
| 309 | mirror | mirror | |
|
| 309 | mirror | mirror | |
|
||||||
| 310 | collab | collab | |
|
| 310 | collab | collab | |
|
||||||
| 311 | docker | docker | docker registry |
|
| 311 | docker | docker | docker registry |
|
||||||
|
| 312 | logsync | logsync | nginx log sync |
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue