remove racktables and partially remove snmpd
parent
6945b4918c
commit
4c7d472f2f
@ -78,11 +78,6 @@ nextcloud_dbpass: "{{ vault_owncloud_dbpass }}"
|
|||||||
prosody_admin: moepman@jabber.binary-kitchen.de
|
prosody_admin: moepman@jabber.binary-kitchen.de
|
||||||
prosody_domain: jabber.binary-kitchen.de
|
prosody_domain: jabber.binary-kitchen.de
|
||||||
|
|
||||||
racktables_domain: racktables.binary.kitchen
|
|
||||||
racktables_dbname: racktables
|
|
||||||
racktables_dbuser: racktables
|
|
||||||
racktables_dbpass: "{{ vault_racktables_dbpass }}"
|
|
||||||
|
|
||||||
radius_secret: "{{ vault_radius_secret }}"
|
radius_secret: "{{ vault_radius_secret }}"
|
||||||
|
|
||||||
root_keys:
|
root_keys:
|
||||||
|
@ -1,28 +1,26 @@
|
|||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
33346463653863326630313739393238353131306365373534303661383738313662323237363835
|
30633066386634326339363932653361343134656532383161353139376335303532393166386262
|
||||||
6531663763306562396639663162376162316163646465620a646261663530393337373465323036
|
3164663530626430386166393730393034633138656139650a353164356561396365303332356430
|
||||||
61366539333364616533666331356334343436383731636564656462643962336631653732656233
|
38356664306237393166323835383836663936613334333361643732343331616661376666393932
|
||||||
6339373936343963380a386532306663336234623563336661653830653362653661326166343765
|
6135613235353831350a616431326561633463656162333439623130386161383862376432383435
|
||||||
66313334373532636430353064373237353162326539393234636165313136396162633337306266
|
61303234656530316366353431393631393930626566323866396132643934623931363266316630
|
||||||
32303835323763343131333364313863623531333338633133376233613561393761373763343964
|
39303861373632386336363136653536383063663539316434623632353266333630643135303630
|
||||||
31396134623236393639373236393833663336376132623731663463386661303532643539356565
|
31636366623639616534383862323234376639376564646132383537626436616365663266366434
|
||||||
64366366333533623763653162666164383766386635373866626638656362663330383164633533
|
66363761356431633238313666333536656463613762343634346364323261613163373866373962
|
||||||
38646233356464316639353161623839623035343862393866393762336234613035363561363831
|
35393530303830383666326436313264636536613239613037353964343661366531343934323538
|
||||||
35653666373836323464363636346264666537656363386431666530363031303935373331326232
|
37303737343639623130323034396339363533666337656331353738363339626236643838346266
|
||||||
38613831383033623537656638303262396634373531373839306238613438376637616565633666
|
34333937666465643864303864333533643836383965353138343136356437396136643634326137
|
||||||
65666430663639666230656135316430626534313939363338643064613338336363653939303166
|
38626532616666656139306133613561623438316536323830636665333566386165336261323666
|
||||||
37333364363633316638353739643634623762633966666134646439376237323861313361393030
|
30323038313434343134653630373035383837373561373932383464633433623266653032343865
|
||||||
62303666623935663530626632393830656437666530613030363131376264326334323137386161
|
39653036623762626263613764393165656362373231386463653534393232373562346330656531
|
||||||
31636636313033326131313962396534336238303962656631653961396130303132306433363165
|
36623636626538613036303231633462366232366631643831653131343464366265373464653838
|
||||||
65613232646365306262383263376165323462653636656535383039353133333765393036633530
|
63633335633936623930333062336233663366356663326663623539323662633737616638623534
|
||||||
65376239633437643563636136333238306133313732373139633532663232336331326439396234
|
65623730646461343835326539303866303966353632316335313834636133326330393939373338
|
||||||
36383362313739663631393266313363356434323461626137643039383661353532336237303966
|
65643561393131343461323235656339373831613835393832346165343565326436336163643064
|
||||||
65393237613463626561643739363737313131393639383661303931343435383165663835633937
|
65613865393435333733326539643864353632643466336335616665336630613230333834376337
|
||||||
63623066326536316134366461643737316263353235353961663364643634666661376564363531
|
38346233303437393032393735653438663662333334643539393666643234383232386366333138
|
||||||
38323863613465613733653331623139663138616639626339373436666630306436386139663431
|
63303737333366333663353361623534653039383038636234363066646165643166356263356535
|
||||||
38353036336435313238643664376633326665306433346265366636663635363031383939656539
|
30393466643464393935396163336533306163323164383233333834643630353939643165333132
|
||||||
38393962356363646134346431663930346139326361613431613765363463353661313034616131
|
30626532336666623033333565333763353864613333646561663338343038363632643564363835
|
||||||
64643831353639313030363763626133343736643433663732393730663466323535333939346233
|
32323036613662336637303662383061333039376232643164376238393839326639323837616337
|
||||||
35396664336661613961393533346264623633643430633766346364366361356633336461366361
|
6334
|
||||||
63663735323630656238643962373036306466646330666334336664613834306362633562386334
|
|
||||||
653164613435363436666361376364623461
|
|
||||||
|
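Review bot: Nothing in this re-encrypted vault body can be checked against the rest of the commit, because both sides are opaque `$ANSIBLE_VAULT;1.1;AES256` ciphertext; the commit description should name the keys that were dropped (presumably `vault_racktables_dbpass`, matching the `racktables_dbpass` line removed from the vars file). Deleting the entry does not retire the credential: the parent commit's ciphertext still decrypts with the same vault password, and no task in this commit drops the MySQL account that the removed role created with `mysql_user`. Treat that password as live until the account and database are removed on the host, for example with a one-off `mysql_user: name=racktables state=absent` task.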
@ -1,18 +1,5 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- name: Install snmpd
|
|
||||||
pkgng: name=net-snmp
|
|
||||||
tags: snmp
|
|
||||||
|
|
||||||
- name: Configure snmpd
|
|
||||||
template: src=snmpd.conf.j2 dest=/usr/local/etc/snmpd.conf
|
|
||||||
notify: Restart snmpd
|
|
||||||
tags: snmp
|
|
||||||
|
|
||||||
- name: Start the snmpd service
|
|
||||||
service: name=snmpd state=started enabled=yes
|
|
||||||
tags: snmp
|
|
||||||
|
|
||||||
- name: Install misc software
|
- name: Install misc software
|
||||||
pkgng: name={{ item }}
|
pkgng: name={{ item }}
|
||||||
with_items:
|
with_items:
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Restart nginx
|
|
||||||
service: name=nginx state=restarted
|
|
||||||
|
|
||||||
- name: Run acertmgr
|
|
||||||
command: /opt/acertmgr/acertmgr.py
|
|
@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- { role: acertmgr }
|
|
||||||
- { role: nginx, nginx_ssl: True }
|
|
@ -1,53 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
apt: name={{ item }}
|
|
||||||
with_items:
|
|
||||||
- mysql-server
|
|
||||||
- php7.0-fpm
|
|
||||||
- php7.0-gd
|
|
||||||
- php7.0-ldap
|
|
||||||
- php7.0-mbstring
|
|
||||||
- php7.0-mysql
|
|
||||||
- php7.0-snmp
|
|
||||||
- python-mysqldb
|
|
||||||
|
|
||||||
- name: Configure MySQL database
|
|
||||||
mysql_db: name={{ racktables_dbname }}
|
|
||||||
|
|
||||||
- name: Configure MySQL user
|
|
||||||
mysql_user: name={{ racktables_dbuser }} password={{ racktables_dbpass }} priv={{ racktables_dbname }}.*:ALL state=present
|
|
||||||
|
|
||||||
- name: Unpack RackTables
|
|
||||||
unarchive: src=http://heanet.dl.sourceforge.net/project/racktables/RackTables-0.20.11.tar.gz dest=/opt creates=/opt/RackTables-0.20.11/README remote_src=yes
|
|
||||||
|
|
||||||
- name: Create link
|
|
||||||
file: src=/opt/RackTables-0.20.11 dest=/opt/racktables state=link
|
|
||||||
|
|
||||||
- name: Configure RackTables
|
|
||||||
template: src=secret.php.j2 dest=/opt/racktables/wwwroot/inc/secret.php owner=www-data group=www-data mode=0400
|
|
||||||
|
|
||||||
- name: Ensure certificates are available
|
|
||||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ racktables_domain }}.key -out /etc/nginx/ssl/{{ racktables_domain }}.crt -days 730 -subj "/CN={{ racktables_domain }}" creates=/etc/nginx/ssl/{{ racktables_domain }}.crt
|
|
||||||
notify: Restart nginx
|
|
||||||
|
|
||||||
- name: Request nsupdate key for certificate
|
|
||||||
include_role: name=acme-dnskey-generate
|
|
||||||
vars:
|
|
||||||
acme_dnskey_san_domains:
|
|
||||||
- "{{ racktables_domain }}"
|
|
||||||
|
|
||||||
- name: Configure certificate manager for racktables
|
|
||||||
template: src=certs.j2 dest=/etc/acertmgr/{{ racktables_domain }}.conf
|
|
||||||
notify: Run acertmgr
|
|
||||||
|
|
||||||
- name: Configure vhost
|
|
||||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/racktables
|
|
||||||
notify: Restart nginx
|
|
||||||
|
|
||||||
- name: Enable vhost
|
|
||||||
file: src=/etc/nginx/sites-available/racktables dest=/etc/nginx/sites-enabled/racktables state=link
|
|
||||||
notify: Restart nginx
|
|
||||||
|
|
||||||
- name: Start php7.0-fpm
|
|
||||||
service: name=php7.0-fpm state=started enabled=yes
|
|
@ -1,18 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
{{ racktables_domain }}:
|
|
||||||
- mode: dns.nsupdate
|
|
||||||
nsupdate_server: {{ acme_dnskey_server }}
|
|
||||||
nsupdate_keyfile: {{ acme_dnskey_file }}
|
|
||||||
- path: /etc/nginx/ssl/{{ racktables_domain }}.key
|
|
||||||
user: root
|
|
||||||
group: root
|
|
||||||
perm: '400'
|
|
||||||
format: key
|
|
||||||
action: '/usr/sbin/service nginx restart'
|
|
||||||
- path: /etc/nginx/ssl/{{ racktables_domain }}.crt
|
|
||||||
user: root
|
|
||||||
group: root
|
|
||||||
perm: '400'
|
|
||||||
format: crt,ca
|
|
||||||
action: '/usr/sbin/service nginx restart'
|
|
@ -1,55 +0,0 @@
|
|||||||
<?php
|
|
||||||
$pdo_dsn = 'mysql:host=localhost;dbname={{ racktables_dbname }}';
|
|
||||||
$db_username = '{{ racktables_dbuser }}';
|
|
||||||
$db_password = '{{ racktables_dbpass }}';
|
|
||||||
|
|
||||||
# Setting MySQL client buffer size may be required to make downloading work for
|
|
||||||
# larger files, but it does not work with mysqlnd.
|
|
||||||
# $pdo_bufsize = 50 * 1024 * 1024;
|
|
||||||
# Setting PDO SSL key, cert, and CA will allow a SSL/TLS connection to the MySQL
|
|
||||||
# DB. Make sure the files are readable by the web server
|
|
||||||
# $pdo_ssl_key = '/path/to/ssl/key'
|
|
||||||
# $pdo_ssl_cert = '/path/to/ssl/cert'
|
|
||||||
# $pdo_ssl_ca = '/path/to/ssl/ca'
|
|
||||||
|
|
||||||
$user_auth_src = 'database';
|
|
||||||
$require_local_account = TRUE;
|
|
||||||
# Default setting is to authenticate users locally, but it is possible to
|
|
||||||
# employ existing LDAP or Apache user accounts. Check RackTables wiki for
|
|
||||||
# more information, in particular, this page for LDAP configuration details:
|
|
||||||
# http://wiki.racktables.org/index.php?title=LDAP
|
|
||||||
|
|
||||||
#$LDAP_options = array
|
|
||||||
#(
|
|
||||||
# 'server' => 'localhost',
|
|
||||||
# 'domain' => 'example.com',
|
|
||||||
# 'search_attr' => '',
|
|
||||||
# 'search_dn' => '',
|
|
||||||
# // The following credentials will be used when searching for the user's DN:
|
|
||||||
# 'search_bind_rdn' => NULL,
|
|
||||||
# 'search_bind_password' => NULL,
|
|
||||||
# 'displayname_attrs' => '',
|
|
||||||
# 'options' => array (LDAP_OPT_PROTOCOL_VERSION => 3),
|
|
||||||
# 'use_tls' => 2, // 0 == don't attempt, 1 == attempt, 2 == require
|
|
||||||
#);
|
|
||||||
|
|
||||||
# For SAML configuration details:
|
|
||||||
# http://wiki.racktables.org/index.php?title=SAML
|
|
||||||
|
|
||||||
#$SAML_options = array
|
|
||||||
#(
|
|
||||||
# 'simplesamlphp_basedir' => '../simplesaml',
|
|
||||||
# 'sp_profile' => 'default-sp',
|
|
||||||
# 'usernameAttribute' => 'eduPersonPrincipName',
|
|
||||||
# 'fullnameAttribute' => 'fullName',
|
|
||||||
# 'groupListAttribute' => 'memberOf',
|
|
||||||
#);
|
|
||||||
|
|
||||||
# This HTML banner is intended to assist users in dispatching their issues
|
|
||||||
# to the local tech support service. Its text (in its verbatim form) will
|
|
||||||
# be appended to assorted error messages visible in user's browser (including
|
|
||||||
# "not authenticated" message). Beware of placing any sensitive information
|
|
||||||
# here, it will be readable by unauthorized visitors.
|
|
||||||
#$helpdesk_banner = '<B>This RackTables instance is supported by Example Inc. IT helpdesk, dial ext. 1234 to report a problem.</B>';
|
|
||||||
|
|
||||||
?>
|
|
@ -1,33 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
server_name {{ racktables_domain }};
|
|
||||||
|
|
||||||
location / {
|
|
||||||
return 301 https://{{ racktables_domain }}$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
server_name {{ racktables_domain }};
|
|
||||||
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/{{ racktables_domain }}.key;
|
|
||||||
ssl_certificate /etc/nginx/ssl/{{ racktables_domain }}.crt;
|
|
||||||
|
|
||||||
root /opt/racktables/wwwroot;
|
|
||||||
|
|
||||||
index index.php;
|
|
||||||
|
|
||||||
location ~ \.php(?:$|/) {
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
||||||
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
|
|
||||||
fastcgi_intercept_errors on;
|
|
||||||
}
|
|
||||||
}
|
|