From 00a6d5121285ae0fa3c554d932d2650270cd6ce4 Mon Sep 17 00:00:00 2001 
From: Stonewall Jackson Date: Mon, 6 Mar 2023 21:14:57 -0500 Subject: clean up example inventory --- inventory-example/40-groups | 96 +++++++++++++++++++++- inventory-example/group_vars/all/global.yml | 15 ---- inventory-example/group_vars/dav_servers.yml | 6 -- inventory-example/group_vars/el8.yml | 3 - inventory-example/group_vars/freeipa_master.yml | 6 -- inventory-example/group_vars/git_servers.yml | 1 - inventory-example/group_vars/linux_desktops.yml | 1 - inventory-example/group_vars/linux_laptops.yml | 2 - inventory-example/group_vars/nagios_servers.yml | 1 - .../group_vars/photostructure_servers.yml | 2 - .../group_vars/proxmox_hypervisors.yml | 1 - inventory-example/group_vars/proxmox_instances.yml | 2 - inventory-example/group_vars/rspamd_servers.yml | 2 - inventory-example/group_vars/syncthing_servers.yml | 1 - inventory-example/group_vars/ttrss_servers.yml | 5 -- inventory-example/group_vars/wiki_servers.yml | 7 -- inventory-example/group_vars/xmpp_servers.yml | 2 - 17 files changed, 95 insertions(+), 58 deletions(-) delete mode 100644 inventory-example/group_vars/dav_servers.yml delete mode 100644 inventory-example/group_vars/el8.yml delete mode 100644 inventory-example/group_vars/freeipa_master.yml delete mode 100644 inventory-example/group_vars/git_servers.yml delete mode 100644 inventory-example/group_vars/linux_desktops.yml delete mode 100644 inventory-example/group_vars/linux_laptops.yml delete mode 100644 inventory-example/group_vars/nagios_servers.yml delete mode 100644 inventory-example/group_vars/photostructure_servers.yml delete mode 100644 inventory-example/group_vars/proxmox_hypervisors.yml delete mode 100644 inventory-example/group_vars/proxmox_instances.yml delete mode 100644 inventory-example/group_vars/rspamd_servers.yml delete mode 100644 inventory-example/group_vars/syncthing_servers.yml delete mode 100644 inventory-example/group_vars/ttrss_servers.yml delete mode 100644 inventory-example/group_vars/wiki_servers.yml delete mode 100644 
inventory-example/group_vars/xmpp_servers.yml (limited to 'inventory-example')
diff --git a/inventory-example/40-groups b/inventory-example/40-groups
index 41c1705..48ace28 100644
--- a/inventory-example/40-groups
+++ b/inventory-example/40-groups
@@ -1,3 +1,5 @@
+# Required Groups
+# ===============
 # Hosts that aren't ready for Rocky 9 yet.
 [el8:children]
 asterisk_servers
@@ -8,7 +10,99 @@ rspamd_servers unifi_controllers xmpp_servers -##### Nagios Hostgroups ##### + +# Required Variables +# ================== +[all:vars] +ansible_python_interpreter = /usr/libexec/platform-python +freeipa_realm = '{{ domain | upper }}' +freeipa_basedn = "dc={{ domain.split('.') | join(',dc=') }}" +freeipa_hosts = "{{ groups['freeipa_servers'] | map('regex_replace', '$', '.' ~ domain) }}" +freeipa_ldap_uri = "{{ groups['freeipa_servers'] | map('regex_replace', '^(.*)$', 'ldap://\\1.' ~ domain) | join(' ') }}" +freeipa_master = "{{ groups['freeipa_master'][0] }}" +freeipa_sysaccount_basedn = 'cn=sysaccounts,cn=etc,{{ freeipa_basedn }}' +freeipa_user_basedn = cn=users,cn=accounts,{{ freeipa_basedn }} +freeipa_group_basedn = cn=groups,cn=accounts,{{ freeipa_basedn }} +freeipa_accounts_basedn = cn=accounts,{{ freeipa_basedn }} +freeipa_service_basedn = cn=services,cn=accounts,{{ freeipa_basedn }} +ipa_host = '{{ freeipa_master }}.{{ domain }}' +ipa_user = admin +ipa_pass = '{{ freeipa_admin_password }}' + +[dav_servers:vars] +apache_can_sendmail = True +apache_can_network_connect_db = True +apache_can_connect_ldap = True +apache_gssapi = True +nagios_http_status = 401 + +[el8:vars] +proxmox_template = rocky8.7 +proxmox_bios = seabios + +[freeipa_master:vars] +# The initial FreeIPA installation requires an upstream DNS server to bootstrap itself. +proxmox_nameservers = '{{ freeipa_dns_forwarders }}' +# Update the FreeIPA master every _other_ day. If there's a botched automatic +# update, we don't want to take the entire domain down overnight. 
+dnf_automatic_on_calendar = '*-*-1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31 04:00:00' + +[git_servers:vars] +apache_gssapi = True + +[linux_desktops:vars] +tuned_profile = desktop + +[linux_laptops:vars] +tuned_profile = powersave +rsyslog_forward = no + +[nagios_servers:vars] +apache_gssapi = True + +[opnsense_firewalls:vars] +ansible_python_interpreter = /usr/local/bin/python3 + +[photostructure_servers:vars] +apache_gssapi = True +nagios_http_status = 401 + +[proxmox_hypervisors:vars] +ansible_python_interpreter = /usr/bin/python3 + +[proxmox_instances:vars] +tuned_profile = virtual-guest +grub_cmdline = 'console=ttyS0,115200n8 no_timer_check net.ifnames=0' + +[rspamd_servers:vars] +apache_gssapi = True +nagios_http_status = 401 + +[syncthing_servers:vars] +apache_gssapi = True + +[ttrss_servers:vars] +apache_gssapi = True +apache_can_sendmail = True +apache_can_network_connect_db = True +apache_can_network_connect = True +apache_can_connect_ldap = True + +[wiki_servers:vars] +apache_gssapi = True +apache_can_sendmail = True +apache_can_network_connect_db = True +apache_can_connect_ldap = True +apache_can_network_connect = True +nagios_http_status = 401 + +[xmpp_servers:vars] +apache_can_network_connect = True +nagios_https_vhosts = '["{{ prosody_http_host | default(ansible_fqdn) }}"]' + + +# Nagios hostgroups +# ================= [nagios_net_snmp_clients:children] nagios_ansible_managed_clients opnsense_firewalls diff --git a/inventory-example/group_vars/all/global.yml b/inventory-example/group_vars/all/global.yml index a1fed72..98b41ad 100644 --- a/inventory-example/group_vars/all/global.yml +++ b/inventory-example/group_vars/all/global.yml @@ -3,8 +3,6 @@ # In other words, this should be the only place where you should see variables # without a 'rolename_' prefix. --- -ansible_python_interpreter: /usr/libexec/platform-python - timezone: America/New_York domain: ipa.example.com # changeme email_domain: example.com # changeme 
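Review bot: `rsyslog_forward = no` under `[linux_laptops:vars]` is the one boolean in this hunk that was not converted; every other `yes` from the deleted YAML files became `True`, but this one kept its YAML spelling. In the old `group_vars/linux_laptops.yml`, YAML parsed `no` as boolean false, whereas in an INI `:vars` section it most likely arrives as the non-empty string `'no'`, which is truthy wherever a role or template tests it without `| bool`. If the rsyslog role does that (not visible here), laptops would be configured to forward logs despite the intent, so I would write `rsyslog_forward = False` to match the rest of the section. Separately, the comment explaining why `[el8:vars]` forces `seabios` was dropped in the move; I would keep `# Force legacy BIOS for Rocky 8 VMs - UEFI doesn't seem to work.` above `proxmox_bios`.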
@@ -88,18 +86,5 @@ vlans: # standard freeipa variables -freeipa_realm: '{{ domain | upper }}' -freeipa_basedn: "dc={{ domain.split('.') | join(',dc=') }}" -freeipa_hosts: "{{ groups['freeipa_servers'] | map('regex_replace', '$', '.' ~ domain) }}" -freeipa_ldap_uri: "{{ groups['freeipa_servers'] | map('regex_replace', '^(.*)$', 'ldap://\\1.' ~ domain) | join(' ') }}" -freeipa_master: "{{ groups['freeipa_master'][0] }}" -freeipa_sysaccount_basedn: 'cn=sysaccounts,cn=etc,{{ freeipa_basedn }}' -freeipa_user_basedn: cn=users,cn=accounts,{{ freeipa_basedn }} -freeipa_group_basedn: cn=groups,cn=accounts,{{ freeipa_basedn }} -freeipa_accounts_basedn: cn=accounts,{{ freeipa_basedn }} -freeipa_service_basedn: cn=services,cn=accounts,{{ freeipa_basedn }} freeipa_ds_password: '{{ vault_freeipa_ds_password }}' freeipa_admin_password: '{{ vault_freeipa_admin_password }}' -ipa_host: '{{ freeipa_master }}.{{ domain }}' -ipa_user: admin -ipa_pass: '{{ freeipa_admin_password }}'
diff --git a/inventory-example/group_vars/dav_servers.yml b/inventory-example/group_vars/dav_servers.yml
deleted file mode 100644
index 239067a..0000000
--- a/inventory-example/group_vars/dav_servers.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-apache_can_sendmail: yes
-apache_can_network_connect_db: yes
-apache_can_connect_ldap: yes
-apache_gssapi: yes
-
-nagios_http_status: 401
diff --git a/inventory-example/group_vars/el8.yml b/inventory-example/group_vars/el8.yml
deleted file mode 100644
index 1aedd96..0000000
--- a/inventory-example/group_vars/el8.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-# Force legacy BIOS for Rocky 8 VMs - UEFI doesn't seem to work.
-proxmox_template: rocky8.7
-proxmox_bios: seabios
diff --git a/inventory-example/group_vars/freeipa_master.yml b/inventory-example/group_vars/freeipa_master.yml
deleted file mode 100644
index fbaa5b2..0000000
--- a/inventory-example/group_vars/freeipa_master.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# The initial FreeIPA installation requires an upstream DNS server to bootstrap itself.
-proxmox_nameservers: '{{ freeipa_dns_forwarders }}'
-
-# Update the FreeIPA master every *other* day. If there's a botched automatic
-# update, we don't want to take the entire domain down overnight.
-dnf_automatic_on_calendar: '*-*-1,3,5,7,9,11,13,15,17,19,21,23,25,27,29,31 04:00:00'
diff --git a/inventory-example/group_vars/git_servers.yml b/inventory-example/group_vars/git_servers.yml
deleted file mode 100644
index 5f975fc..0000000
--- a/inventory-example/group_vars/git_servers.yml
+++ /dev/null
@@ -1 +0,0 @@
-apache_gssapi: yes
diff --git a/inventory-example/group_vars/linux_desktops.yml b/inventory-example/group_vars/linux_desktops.yml
deleted file mode 100644
index af4775a..0000000
--- a/inventory-example/group_vars/linux_desktops.yml
+++ /dev/null
@@ -1 +0,0 @@
-tuned_profile: desktop
diff --git a/inventory-example/group_vars/linux_laptops.yml b/inventory-example/group_vars/linux_laptops.yml
deleted file mode 100644
index 428c40b..0000000
--- a/inventory-example/group_vars/linux_laptops.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-tuned_profile: powersave
-rsyslog_forward: no
diff --git a/inventory-example/group_vars/nagios_servers.yml b/inventory-example/group_vars/nagios_servers.yml
deleted file mode 100644
index 5f975fc..0000000
--- a/inventory-example/group_vars/nagios_servers.yml
+++ /dev/null
@@ -1 +0,0 @@
-apache_gssapi: yes
diff --git a/inventory-example/group_vars/photostructure_servers.yml b/inventory-example/group_vars/photostructure_servers.yml
deleted file mode 100644
index a5542b4..0000000
--- a/inventory-example/group_vars/photostructure_servers.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-apache_gssapi: yes
-nagios_http_status: 401
diff --git a/inventory-example/group_vars/proxmox_hypervisors.yml b/inventory-example/group_vars/proxmox_hypervisors.yml
deleted file mode 100644
index f1a3ed4..0000000
--- a/inventory-example/group_vars/proxmox_hypervisors.yml
+++ /dev/null
@@ -1 +0,0 @@
-ansible_python_interpreter: /usr/bin/python3
diff --git a/inventory-example/group_vars/proxmox_instances.yml b/inventory-example/group_vars/proxmox_instances.yml
deleted file mode 100644
index e6e7eab..0000000
--- a/inventory-example/group_vars/proxmox_instances.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-tuned_profile: virtual-guest
-grub_cmdline: console=ttyS0,115200n8 no_timer_check net.ifnames=0
diff --git a/inventory-example/group_vars/rspamd_servers.yml b/inventory-example/group_vars/rspamd_servers.yml
deleted file mode 100644
index 54e8be4..0000000
--- a/inventory-example/group_vars/rspamd_servers.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-nagios_http_status: 401
-apache_gssapi: yes
diff --git a/inventory-example/group_vars/syncthing_servers.yml b/inventory-example/group_vars/syncthing_servers.yml
deleted file mode 100644
index 5f975fc..0000000
--- a/inventory-example/group_vars/syncthing_servers.yml
+++ /dev/null
@@ -1 +0,0 @@
-apache_gssapi: yes
diff --git a/inventory-example/group_vars/ttrss_servers.yml b/inventory-example/group_vars/ttrss_servers.yml
deleted file mode 100644
index fc33f6a..0000000
--- a/inventory-example/group_vars/ttrss_servers.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-apache_gssapi: yes
-apache_can_sendmail: yes
-apache_can_network_connect_db: yes
-apache_can_network_connect: yes
-apache_can_connect_ldap: yes
diff --git a/inventory-example/group_vars/wiki_servers.yml b/inventory-example/group_vars/wiki_servers.yml
deleted file mode 100644
index 527d9ef..0000000
--- a/inventory-example/group_vars/wiki_servers.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-apache_gssapi: yes
-apache_can_sendmail: yes
-apache_can_network_connect_db: yes
-apache_can_connect_ldap: yes
-apache_can_network_connect: yes
-
-nagios_http_status: 401
diff --git a/inventory-example/group_vars/xmpp_servers.yml b/inventory-example/group_vars/xmpp_servers.yml
deleted file mode 100644
index 03e110b..0000000
--- a/inventory-example/group_vars/xmpp_servers.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-apache_can_network_connect: yes
-nagios_https_vhosts: ['{{ prosody_http_host | default(ansible_fqdn) }}']
-- cgit