Remove nms hosts

Timo Makinen 2025-07-12 13:19:43 +00:00
parent fe5444052b
commit fd6b5542d9
7 changed files with 0 additions and 215 deletions


@ -1,43 +0,0 @@
---
datadisks:
- {size: 10, type: nvme}
chrony_allow:
- 172.20.25.0/24
unbound_zones:
- 25.20.172.in-addr.arpa
- oob.foo.sh
dhcpd_template: dhcpd.conf.oob.j2
dhcpd_ldap_filter: >-
(&(objectClass=ieee802Device)(objectClass=ipHost)(cn=*.oob.foo.sh))
network_vip_interfaces:
- device: eth0
vhid: 11
ipaddr: 172.20.20.21
netmask: 255.255.240.0
pass: "{{ vip21_pass }}"
- device: eth1
vhid: 25
ipaddr: 172.20.25.1
netmask: 255.255.255.0
pass: "{{ vip25_pass }}"
priority: "{{ vip25_priority }}"
firewall_in:
- {proto: tcp, port: 22, from: [172.20.20.0/22]}
- {proto: tcp, port: 25, from: [172.20.25.0/24]}
- {proto: tcp, port: 53, from: [172.20.25.0/24]}
- {proto: udp, port: 53, from: [172.20.25.0/24]}
- {proto: udp, port: 69, from: [172.20.25.0/24]}
- {proto: udp, port: 123, from: [172.20.25.0/24]}
- {proto: tcp, port: 443, from: [172.20.25.0/24]}
- {proto: udp, port: 514, from: [172.20.25.0/24]}
- {proto: tcp, port: 9100, from: [172.20.20.0/22]}
- {proto: tcp, port: 9116, from: [172.20.20.0/22]}
firewall_raw:
- "ip daddr 224.0.0.0/8 accept"
sssd_allow_groups:
- sysadm


@ -1,20 +0,0 @@
---
vmhost: vmhost01.home.foo.sh
network_interfaces:
- device: eth0
vlan: 20
mac: "52:54:00:ac:dc:43"
nameservers: []
- device: eth1
vlan: 25
ipaddr: 172.20.25.2
netmask: 255.255.255.0
proto: static
nameservers: [172.20.25.1, 172.20.25.2, 172.20.25.3]
- device: eth2
vlan: 103
ipaddr: 192.168.100.2
netmask: 255.255.255.248
proto: static
vip25_priority: 128


@ -1,20 +0,0 @@
---
vmhost: vmhost02.home.foo.sh
network_interfaces:
- device: eth0
vlan: 20
mac: "52:54:00:ac:dc:44"
nameservers: []
- device: eth1
vlan: 25
ipaddr: 172.20.25.3
netmask: 255.255.255.0
proto: static
nameservers: [172.20.25.1, 172.20.25.2, 172.20.25.3]
- device: eth2
vlan: 103
ipaddr: 192.168.100.3
netmask: 255.255.255.248
proto: static
vip25_priority: 1


@ -91,12 +91,6 @@ mqtt:
nas:
hosts:
nas02.home.foo.sh:
nms:
hosts:
nms01.home.foo.sh:
nms02.home.foo.sh:
vars:
snmp_exporter_version: "0.29.0"
ns:
hosts:
ns01.home.foo.sh:
@ -188,7 +182,6 @@ rocky9:
mirror:
mongodb:
nas:
nms:
ocinode:
print:
prometheus:


@ -1,85 +0,0 @@
---
- name: Deploy KVM virtual machines
ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
vars:
myhosts: nms
- name: Configure instance
hosts: nms
user: root
gather_facts: true
pre_tasks:
- name: Mount /export
ansible.posix.mount:
name: /export
src: LABEL=/export
fstype: xfs
opts: noatime,noexec,nosuid,nodev
passno: "0"
dump: "0"
state: mounted
vars_files:
- "{{ ansible_private }}/vars.yml"
roles:
- base
- cups
- nginx
- role: nginx_site
nginx_site_name: oob.foo.sh
nginx_site_plaintext: false
- role: keytab
keytab_principals:
- "host/{{ inventory_hostname }}@{{ kerberos_realm }}"
- nfs_client
- role: autofs
autofs_home: false
- sssd
- mkhomedir
- aten_pdu
- routeros
- snmp_exporter
tasks:
- name: Enable UDP rsyslog server
ansible.builtin.import_role:
name: rsyslog
tasks_from: udp-listen
- name: Enable postfix mail relay
ansible.builtin.import_role:
name: postfix
tasks_from: relay
vars:
relay_domains: [foo.sh]
- name: Import unbound role
ansible.builtin.import_role:
name: unbound
- name: Import dhcpd role
ansible.builtin.import_role:
name: dhcpd
- name: Install extra packages
ansible.builtin.package:
name: "{{ item }}"
state: installed
with_items:
- nmap
- rcs
- unzip
- wget
- name: Create sw-backup script
ansible.builtin.copy:
dest: /usr/local/bin/sw-backup
content: |
#!/bin/sh
set -eu
ssh "admin@${1}" /export > "/srv/backup/${1}.rsc"
mode: "0755"
owner: root
group: "{{ ansible_wheel }}"


@ -1,39 +0,0 @@
server:
interface: 0.0.0.0
interface: ::0
access-control: 127.0.0.0/8 allow
access-control: ::1 allow
access-control: 172.20.25.1/32 allow
access-control: 172.20.25.2/32 allow
access-control: 172.20.25.3/32 allow
access-control: 172.20.25.0/24 refuse_non_local
extended-statistics: yes
hide-identity: yes
hide-version: yes
tls-upstream: yes
tls-cert-bundle: {{ tls_bundle }}
chroot: ""
unblock-lan-zones: yes
remote-control:
control-enable: yes
control-interface: /var/run/unbound.sock
forward-zone:
name: "."
forward-addr: 172.20.20.10@853#dns.home.foo.sh
forward-addr: 172.20.20.11@853#dns.home.foo.sh
forward-addr: 172.20.20.12@853#dns.home.foo.sh
{% for zone in unbound_zones %}
auth-zone:
name: "{{ zone }}"
zonefile: "{{ unbound_zonedir }}/{{ zone }}"
{% endfor %}


@ -1 +0,0 @@
unbound.conf.nms01.home.foo.sh.j2