diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2015-06-10 15:35:13 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2015-06-10 18:37:19 +0200 |
| commit | b408390ae9311b7d703ce57c25a78dce23c31b16 (patch) | |
| tree | d9b1c795c0ef8b75dbaef709aa8622863d636942 /roles/common/tasks/main.yml | |
| parent | a82e3759627a0612592d853796f2a1137f9189f5 (diff) | |
Configure munin nodes & master.
Interhost communications are protected by stunnel4. The graphs are only
visible on the master itself, and content is generated by Fast CGI.
Diffstat (limited to 'roles/common/tasks/main.yml')
| -rw-r--r-- | roles/common/tasks/main.yml | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 477bd34..df609d3 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -10,44 +10,45 @@ - include: samhain.yml tags=samhain - include: auditd.yml tags=auditd - include: rkhunter.yml tags=rkhunter - include: clamav.yml tags=clamav - include: fail2ban.yml tags=fail2ban - include: smart.yml tags=smartmontools,smart when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')" - include: haveged.yml tags=haveged,entropy - name: Copy genkeypair.sh and gendhparam.sh copy: src=usr/local/bin/{{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755 tags: genkey with_items: - genkeypair.sh - gendhparam.sh - name: Generate DH parameters command: gendhparam.sh /etc/ssl/private/dhparams.pem creates=/etc/ssl/private/dhparams.pem tags: genkey -- include: logging.yml tags=logging -- include: ntp.yml tags=ntp -- include: mail.yml tags=mail,postfix -- include: bacula.yml tags=bacula-fd,bacula +- include: logging.yml tags=logging +- include: ntp.yml tags=ntp +- include: mail.yml tags=mail,postfix +- include: bacula.yml tags=bacula-fd,bacula +- include: munin-node.yml tags=munin-node,munin - name: Install common packages apt: pkg={{ item }} with_items: - ca-certificates - etckeeper - ethtool - git - htop - molly-guard - rsync - screen - telnet-ssl # XXX: this is a workaround the CAcert root CAs not being present in # Jessie. In stretch, we would merely install the 'ca-cacert' package. - name: Create directory /usr/local/share/ca-certificates/CAcert file: path=/usr/local/share/ca-certificates/CAcert state=directory owner=root group=root |