-rw-r--r--chaos-at-home/ch-auth-legacy.yml6
-rw-r--r--chaos-at-home/ch-http-proxy.yml46
-rw-r--r--inventory/group_vars/chaos-at-home/network.yml4
-rw-r--r--inventory/host_vars/ch-auth-legacy.yml33
-rw-r--r--inventory/host_vars/ch-http-proxy.yml3
-rw-r--r--inventory/hosts.ini2
6 files changed, 66 insertions, 28 deletions
diff --git a/chaos-at-home/ch-auth-legacy.yml b/chaos-at-home/ch-auth-legacy.yml
new file mode 100644
index 00000000..1e15efa8
--- /dev/null
+++ b/chaos-at-home/ch-auth-legacy.yml
@@ -0,0 +1,6 @@
+---
+- name: Basic Setup
+ hosts: ch-auth-legacy
+ tasks:
+ - debug:
+ msg: legacy host, not maintained by ansible...
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index f90939d0..2dc38364 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -37,7 +37,6 @@
</body>
</html>
-
- name: configure default vhost web.chaos-at-home.org
vars:
nginx_vhost:
@@ -110,8 +109,7 @@
acme: yes
hostnames:
- passwd.chaos-at-home.org
- # proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/"
- proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-auth-legacy']) | ipaddr('address') }}:843/"
+ proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/"
proxy_ssl:
verify: "on"
trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem
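Review bot: The new `proxy_pass` still addresses the upstream by IP literal, so with `verify: "on"` nginx by default checks the upstream certificate against the host part of the `proxy_pass` URL, which is that IP, unless a verification name is configured. Moving from the lan address on port 843 to the svc address on the default port changes that literal, so the certificate chained to `/etc/ssl/whawty-auth-ca/ca.pem` needs a matching subjectAltName, or the vhost needs the equivalent of nginx's `proxy_ssl_name`. The `proxy_ssl` mapping continues past the end of this hunk, so a name may already be set there. If it is not, I would add a comment above `proxy_pass` such as `# upstream cert must match the svc address of ch-auth-legacy, or set the verify name explicitly`.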
@@ -237,27 +235,27 @@
### Service IP
- # - name: install systemd service unit for service-ip
- # copy:
- # dest: /etc/systemd/system/http-service-ip.service
- # content: |
- # [Unit]
- # Description=Assign HTTP Sevice IP
- # After=network.target
+ - name: install systemd service unit for service-ip
+ copy:
+ dest: /etc/systemd/system/http-service-ip.service
+ content: |
+ [Unit]
+ Description=Assign HTTP Sevice IP
+ After=network.target
- # [Service]
- # Type=oneshot
- # ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.http.addr }}/32
- # ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.http.addr }}/32
- # RemainAfterExit=yes
+ [Service]
+ Type=oneshot
+ ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.http.addr }}/32
+ ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.http.addr }}/32
+ RemainAfterExit=yes
- # [Install]
- # WantedBy=multi-user.target
- # register: service_ip_systemd_unit
+ [Install]
+ WantedBy=multi-user.target
+ register: service_ip_systemd_unit
- # - name: make sure service-ip systemd unit is enabeld and started
- # systemd:
- # daemon_reload: yes
- # name: http-service-ip.service
- # state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}"
- # enabled: yes
+ - name: make sure service-ip systemd unit is enabeld and started
+ systemd:
+ daemon_reload: yes
+ name: http-service-ip.service
+ state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}"
+ enabled: yes
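Review bot: The re-enabled `copy` task writes `/etc/systemd/system/http-service-ip.service` without `owner`, `group` or `mode`, so the unit file's permissions depend on the remote umask. A unit that runs `ip addr add` as root should be writable only by root, so I would pin it with `owner: root`, `group: root` and `mode: "0644"` next to `dest:`. While these lines are being touched, the typos `Sevice` in `Description=` and `enabeld` in the second task name could be corrected. The task list that holds both tasks starts outside the hunk.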
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index f3d1620d..c13b9602 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -16,10 +16,10 @@ network_zones:
ch-oulu-vm1: 3 ## testing
ch-mc: 10
ch-prometheus: 200
- ch-prometheus-old: 250
ch-gw-lan: 254
#############
## legacy stuff
+ ch-prometheus-old: 250
ch-auth-legacy: 88 ## legacy
ch-prometheus-legacy: 99 ## legacy
wifi:
@@ -59,7 +59,7 @@ network_zones:
#############
## legacy stuff
ch-stats-legacy: 10
- ch-web-legacy: 80
+ ch-web-legacy: 81
ch-auth-legacy: 88
ch-mail-legacy: 144
diff --git a/inventory/host_vars/ch-auth-legacy.yml b/inventory/host_vars/ch-auth-legacy.yml
new file mode 100644
index 00000000..c06796cb
--- /dev/null
+++ b/inventory/host_vars/ch-auth-legacy.yml
@@ -0,0 +1,33 @@
+---
+install_jumphost: ch-jump
+
+install:
+ vm:
+ memory: 512M
+ numcpus: 2
+ autostart: True
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: zfs
+ name: root
+ size: 7g
+ interfaces:
+ - bridge: br-svc
+ name: eth0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: eth0
+ address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
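Review bot: This file declares install and network settings for a host that the playbook added in the same commit describes as `legacy host, not maintained by ansible...`, and nothing here says which of these values are actually applied to the guest. A header comment would help, for example `# legacy VM: vars are used for VM creation and addressing only; the guest itself is not configured by ansible` (wording to be confirmed by the author). The `static_routes` entry also deserves a short comment explaining why the auth host needs a route to the whole `network_zones.lan.prefix` through `ch-gw-lan`, since this presumably defines which LAN clients can reach the authentication service. As a minor style point, `autostart: True` would read more consistently as `autostart: true`.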
diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml
index 13e764cb..69acde86 100644
--- a/inventory/host_vars/ch-http-proxy.yml
+++ b/inventory/host_vars/ch-http-proxy.yml
@@ -33,5 +33,4 @@ network:
- *_network_primary_
-acmetool_reconcile_disabled: yes
-#acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 71564bcf..c26678b9 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -25,6 +25,7 @@ ch-prometheus host_name=prometheus
ch-apps host_name=apps
ch-http-proxy host_name=http-proxy
ch-imap-proxy host_name=imap-proxy
+ch-auth-legacy host_name=auth
ch-atlas host_name=atlas
ch-pan host_name=pan
ch-keyserver host_name=keyserver
@@ -263,6 +264,7 @@ vmhost-ch-gnocchi-guests
ch-apps
ch-http-proxy
ch-imap-proxy
+ch-auth-legacy
[vmhost-ch-prometheus]
ch-prometheus
[vmhost-ch-prometheus:children]