-rw-r--r-- | bacula.yml | 4 | ||||
-rw-r--r-- | common.yml | 8 | ||||
-rw-r--r-- | munin.yml | 2 | ||||
-rw-r--r-- | production | 10 | ||||
-rw-r--r-- | roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 | 12 | ||||
-rw-r--r-- | roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 | 2 | ||||
-rw-r--r-- | roles/common/templates/etc/bacula/bacula-fd.conf.j2 | 2 | ||||
-rw-r--r-- | roles/common/templates/etc/munin/munin-node.conf.j2 | 2 | ||||
-rw-r--r-- | roles/common/templates/etc/ntp.conf.j2 | 4 |
9 files changed, 23 insertions, 23 deletions
@@ -1,16 +1,16 @@ --- - name: Configure the Bacula Director - hosts: bacula-dir + hosts: bacula_dir tags: - bacula - bacula-dir roles: - bacula-dir - name: Configure the Bacula Storage Daemon - hosts: bacula-sd + hosts: bacula_sd tags: - bacula - bacula-sd roles: - bacula-sd @@ -6,53 +6,53 @@ # The quickfix to ensure that plays are role-disjoint is to create a # separate play for each role. Of course the downside is that we loose # (most of) the advantage of roles... - name: Common tasks hosts: all roles: - common - name: Let's Encrypt hosts: IMAP:MX:MSA:webmail:lists:wiki:git:nextcloud gather_facts: False roles: - lacme tags: - letsencrypt - lacme - ACME - name: Common SQL tasks - hosts: MDA:webmail:lists:bacula-dir:nextcloud + hosts: MDA:webmail:lists:bacula_dir:nextcloud gather_facts: False tags: mysql,sql roles: - common-SQL - name: Common LDAP tasks - hosts: MDA:MSA:LDAP-provider:MX + hosts: MDA:MSA:LDAP_provider:MX gather_facts: True tags: slapd,ldap roles: - common-LDAP - name: Configure the LDAP provider - hosts: LDAP-provider + hosts: LDAP_provider gather_facts: False tags: slapd,ldap roles: - LDAP-provider - name: Configure the Web servers - hosts: webmail:wiki:lists:git:munin-master:nextcloud + hosts: webmail:wiki:lists:git:munin_master:nextcloud gather_facts: False tags: nginx,www,web roles: - common-web - name: Configure amavis hosts: out gather_facts: False tags: amavis roles: - amavis @@ -1,8 +1,8 @@ --- - name: Configure the Munin master - hosts: munin-master + hosts: munin_master tags: - munin - munin-master roles: - munin-master 
@@ -4,81 +4,81 @@ mistral.fripost.org geoip=se [elefant] elefant.fripost.org geoip=se mxno=1 [giraff] giraff.fripost.org geoip=se [antilop] antilop.fripost.org geoip=se [civett] civett.fripost.org geoip=se mxno=2 [benjamin] benjamin.skangas.se geoip=se [calima] calima.fripost.org geoip=se # ldap.fripost.org -[LDAP-provider:children] +[LDAP_provider:children] mistral -[NTP-master:children] +[NTP_master:children] mistral # imap.fripost.org [IMAP:children] mistral # mda.fripost.org [MDA:children] IMAP # mx{1,2,3}.fripost.org [MX:children] elefant civett # smtp.fripost.org [MSA:children] IMAP # outgoing.fripost.org [out:children] giraff -[bacula-dir:children] +[bacula_dir:children] benjamin -[bacula-sd:children] +[bacula_sd:children] benjamin # webmail.fripost.org [webmail:children] elefant # lists.fripost.org [lists:children] antilop [wiki:children] civett [git:children] wiki [nextcloud:children] calima -[munin-master:children] +[munin_master:children] benjamin # machines behind NAT [NATed:children] benjamin # hostnames resolving to a dynamic IP [DynDNS:children] benjamin diff --git a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 index ee01930..f2ffd17 100644 --- a/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 +++ b/roles/bacula-dir/templates/etc/bacula/bacula-dir.conf.j2 
@@ -5,83 +5,83 @@ Director { # define myself Name = {{ inventory_hostname_short }}-dir @|"sed -n '/^bconsole\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir" Messages = Daemon Working Directory = /var/lib/bacula Pid Directory = /var/run/bacula QueryFile = "/etc/bacula/scripts/query.sql" Maximum Concurrent Jobs = 1 DirAddress = 127.0.0.1 DirPort = 9101 FDConnectTimeout = 5 min SDConnectTimeout = 5 min } JobDefs { Name = DefaultJob Type = Backup Level = Incremental - Storage = {{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd + Storage = {{ hostvars[ groups['bacula_sd'][0] ].inventory_hostname_short }}-sd Messages = Standard Accurate = yes #Rerun Failed Levels = yes Reschedule On Error = yes Reschedule Interval = 17 min Reschedule Times = 3 Pool = Default Priority = 10 Write Bootstrap = "/var/lib/bacula/%n.bsr" } JobDefs { Name = DefaultMySQLJob Type = Backup Level = Full - Storage = {{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd + Storage = {{ hostvars[ groups['bacula_sd'][0] ].inventory_hostname_short }}-sd Messages = Standard FileSet = SQL Schedule = WeeklyCycleAfterBackup Reschedule On Error = yes Reschedule Interval = 17 min Reschedule Times = 3 # This creates an ASCII copy of the databases Client Run Before Job = "/usr/bin/mysqldump -r /var/lib/bacula/tmp/dump.sql --events --all-databases" # This deletes the copy of the catalog RunScript { Runs On Client = yes Runs On Success = yes Runs On Failure = yes Runs When = after Command = "/bin/rm -f /var/lib/bacula/tmp/dump.sql" } Pool = database Priority = 20 Write Bootstrap = "/var/lib/bacula/%n.bsr" } JobDefs { Name = DefaultSlapdJob Type = Backup Level = Full - Storage = {{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd + Storage = {{ hostvars[ groups['bacula_sd'][0] ].inventory_hostname_short }}-sd Messages = Standard FileSet = LDAP Schedule = WeeklyCycleAfterBackup Reschedule On Error = yes Reschedule Interval = 17 min Reschedule Times = 3 # This 
creates an ASCII copy of the databases Client Run Before Job = "/usr/local/sbin/slapcat-all.sh /var/lib/bacula/tmp" # This deletes the copy of the catalog RunScript { Runs On Client = yes Runs On Success = yes Runs On Failure = yes Runs When = after Command = "/usr/bin/find /var/lib/bacula/tmp -type f -name '*.ldif' -delete" } Pool = database Priority = 20 Write Bootstrap = "/var/lib/bacula/%n.bsr" } 
@@ -108,66 +108,66 @@ Job { Full Backup Pool = mailboxes-full Schedule = Mailboxes13WeeksCycle Max Start Delay = 50 min # To avoid too many overlaps Max Full Interval = 15 weeks } {% endfor %} # Backup each machine {% for fd in groups.all | sort %} Job { Name = {{ hostvars[fd].inventory_hostname_short }} Client = {{ hostvars[fd].inventory_hostname_short }}-fd JobDefs = DefaultJob FileSet = FileSetRoot Pool = {{ hostvars[fd].inventory_hostname_short }} Priority = 15 Schedule = WeeklyCycle } {% endfor %} -{% for fd in groups['MDA'] | union(groups['webmail']) | union(groups['lists']) | union(groups['bacula-dir']) | union(groups['nextcloud']) | sort %} +{% for fd in groups['MDA'] | union(groups['webmail']) | union(groups['lists']) | union(groups['bacula_dir']) | union(groups['nextcloud']) | sort %} Job { Name = {{ hostvars[fd].inventory_hostname_short }}-mysql Client = {{ hostvars[fd].inventory_hostname_short }}-fd JobDefs = DefaultMySQLJob } {% endfor %} {% for fd in groups['MDA'] | union(groups['MSA']) | union(groups['LDAP-provider']) | union(groups['MX']) | sort %} Job { Name = {{ hostvars[fd].inventory_hostname_short }}-slapd Client = {{ hostvars[fd].inventory_hostname_short }}-fd JobDefs = DefaultSlapdJob } {% endfor %} # # Standard Restore template, to be changed by Console program # Only one such job is needed for all Jobs/Clients/Storage ... Job { Name = RestoreFiles Type = Restore Client= {{ inventory_hostname_short }}-fd FileSet = FileSetRoot - Storage = {{ hostvars[ groups['bacula-sd'][0] ].inventory_hostname_short }}-sd + Storage = {{ hostvars[ groups['bacula_sd'][0] ].inventory_hostname_short }}-sd Pool = Default Messages = Standard # NOTE: Files are put on the client (FD) that is being restored. Where = /tmp/bacula-restores } # When to do the backups, full backup on first sunday of the month, # differential (i.e. 
incremental since full) every other sunday, # and incremental backups other days Schedule { Name = WeeklyCycle Run = Level=Full Messages=Quiet 1st sun at 01:05 Run = Level=Differential Messages=Quiet 2nd-5th sun at 01:05 Run = Level=Incremental Messages=Quiet mon-sat at 01:05 } # Backup mailboxes: full backup every 3 months, hourly incremental backup Schedule { Name = Mailboxes13WeeksCycle @@ -368,41 +368,41 @@ FileSet { } # Client (File Services) to backup {% for fd in groups.all | sort %} Client { Name = {{ hostvars[fd].inventory_hostname_short }}-fd Address = {{ ipsec[ hostvars[fd].inventory_hostname_short ] }} FDPort = 9102 Catalog = MyCatalog @|"sed -n '/^{{ hostvars[fd].inventory_hostname_short }}-fd\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir" File Retention = 4 months Job Retention = 5 months AutoPrune = yes #Maximum Bandwidth = 1mb/s } {% endfor %} # Definition of file storage device -{% for sd in groups['bacula-sd'] | sort %} +{% for sd in groups['bacula_sd'] | sort %} Storage { Name = {{ hostvars[sd].inventory_hostname_short }}-sd Address = {{ ipsec[ hostvars[sd].inventory_hostname_short ] }} SDPort = 9103 @|"sed -n '/^{{ hostvars[sd].inventory_hostname_short }}-sd\\s/ {s//Password = /p; q}' /etc/bacula/passwords-dir" Device = FileStorage Media Type = File } {% endfor %} # Default pool definition Pool { Name = Default Pool Type = Backup Recycle = yes AutoPrune = yes Volume Retention = 3 months Maximum Volume Bytes = 5GB Label Format = "Default-${NumVols:p/4/0/r}" diff --git a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 index 5ffa17c..3cbf7fe 100644 --- a/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 +++ b/roles/bacula-sd/templates/etc/bacula/bacula-sd.conf.j2 
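Review bot: The slapd job loop in the `@@ -108,66 +108,66 @@` hunk of bacula-dir.conf.j2 still reads `union(groups['LDAP-provider'])`, although the inventory in this commit renames that group to `[LDAP_provider:children]`, so the lookup no longer matches any defined group. With Ansible's usual strict handling of undefined values the Director template would most likely fail to render, which leaves the backup configuration (including the LDAP dump jobs) undeployed until someone notices. The line should become `{% for fd in groups['MDA'] | union(groups['MSA']) | union(groups['LDAP_provider']) | union(groups['MX']) | sort %}`, matching the MySQL loop just above it. The diffstat's 12 changed lines for this file are fully accounted for by the six visible renames, so this reference appears to have been missed; it is worth grepping the roles and group_vars for any other `groups[...]` or `group_names` checks that still use the hyphenated names.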
@@ -5,41 +5,41 @@ # # You may need to change the name of your tape drive # on the "Archive Device" directive in the Device # resource. If you change the Name and/or the # "Media Type" in the Device resource, please ensure # that dird.conf has corresponding changes. # Storage { # define myself Name = {{ inventory_hostname_short }}-sd Working Directory = /var/lib/bacula Pid Directory = /var/run/bacula Maximum Concurrent Jobs = 20 SDAddress = {{ ipsec[inventory_hostname_short] }} SDPort = 9103 } # # List Directors who are permitted to contact Storage daemon # -{% for dir in groups['bacula-dir'] | sort %} +{% for dir in groups['bacula_dir'] | sort %} Director { Name = {{ hostvars[dir].inventory_hostname_short }}-dir @|"sed -n '/^{{ hostvars[dir].inventory_hostname_short }}-dir\\s/ {s//Password = /p; q}' /etc/bacula/passwords-sd" } # # Send all messages to the Director, # mount messages also are sent to the email address # Messages { Name = Standard director = {{ hostvars[dir].inventory_hostname_short }}-dir = all } {% endfor %} # # Devices supported by this Storage daemon # To connect, the Director's bacula-dir.conf must have the # same Name and MediaType. # diff --git a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 b/roles/common/templates/etc/bacula/bacula-fd.conf.j2 index d64ac86..e06911f 100644 --- a/roles/common/templates/etc/bacula/bacula-fd.conf.j2 +++ b/roles/common/templates/etc/bacula/bacula-fd.conf.j2 
@@ -1,29 +1,29 @@ # # Default Bacula File Daemon Configuration file # # For Bacula release 5.2.6 (21 February 2012) -- debian jessie/sid # # List Directors who are permitted to contact this File daemon # -{% for dir in groups['bacula-dir'] | sort %} +{% for dir in groups['bacula_dir'] | sort %} Director { Name = {{ hostvars[dir].inventory_hostname_short }}-dir @|"sed -n '/^{{ hostvars[dir].inventory_hostname_short }}-dir\\s/ {s//Password = /p; q}' /etc/bacula/passwords-fd" } # Send all messages except skipped files back to Director Messages { Name = Standard director = {{ hostvars[dir].inventory_hostname_short }}-dir = all, !skipped, !restored } {% endfor %} # # "Global" File daemon configuration specifications # FileDaemon { # define myself Name = {{ inventory_hostname_short }}-fd Working Directory = /var/lib/bacula Pid Directory = /var/run/bacula Maximum Concurrent Jobs = 20 diff --git a/roles/common/templates/etc/munin/munin-node.conf.j2 b/roles/common/templates/etc/munin/munin-node.conf.j2 index d0004b7..1563526 100644 --- a/roles/common/templates/etc/munin/munin-node.conf.j2 +++ b/roles/common/templates/etc/munin/munin-node.conf.j2 
@@ -24,29 +24,29 @@ group root # Regexps for files to ignore ignore_file [\#~]$ ignore_file DEADJOE$ ignore_file \.bak$ ignore_file %$ ignore_file \.dpkg-(tmp|new|old|dist)$ ignore_file \.rpm(save|new)$ ignore_file \.pod$ # Set this if the client doesn't report the correct hostname when # telnetting to {{ ipsec[inventory_hostname_short] }}, port 4949 # host_name {{ inventory_hostname_short }} # A list of addresses that are allowed to connect. This must be a # regular expression, since Net::Server does not understand CIDR-style # network notation unless the perl module Net::CIDR is installed. You # may repeat the allow line as many times as you'd like -{% for host in groups['munin-master'] %} +{% for host in groups['munin_master'] %} allow ^{{ ipsec[ hostvars[host].inventory_hostname_short ] | ipv4 | replace(".","\.") }}$ {% endfor %} # Which address to bind to; host {{ ipsec[inventory_hostname_short] }} # And which port port 4994 diff --git a/roles/common/templates/etc/ntp.conf.j2 b/roles/common/templates/etc/ntp.conf.j2 index 7bd1c4a..18c03cf 100644 --- a/roles/common/templates/etc/ntp.conf.j2 +++ b/roles/common/templates/etc/ntp.conf.j2 
@@ -1,48 +1,48 @@ # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # You do need to talk to an NTP server or two (or three). -{% if 'NTP-master' in group_names %} +{% if 'NTP_master' in group_names %} # Use Stratum One Time Servers: # http://support.ntp.org/bin/view/Servers/StratumOneTimeServers server sth1.ntp.se iburst server sth2.ntp.se iburst server gbg1.ntp.se iburst server gbg2.ntp.se iburst server ntp1.sp.se iburst server ntp2.sp.se iburst {% else %} # Sychronize to our (stratum 2) NTP server, to ensure our network has a # consistent time. -{% for host in groups['NTP-master'] | sort %} +{% for host in groups['NTP_master'] | sort %} server {{ ipsec[ hostvars[host].inventory_hostname_short ] }} prefer iburst {% endfor %} pool 0.{{ geoip | default('debian') }}.pool.ntp.org iburst pool 1.{{ geoip | default('debian') }}.pool.ntp.org iburst pool 2.{{ geoip | default('debian') }}.pool.ntp.org iburst pool 3.{{ geoip | default('debian') }}.pool.ntp.org iburst {% endif %} # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery limited restrict -6 default kod notrap nomodify nopeer noquery limited |