From 676ba6662d0ac4a700b961f18c7a0b492efb0fa2 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 20 Aug 2024 10:00:11 +0200 Subject: [PATCH] Update to 2024-08-20 10:00 --- roles/common/meta/main.yml | 1 + roles/lemonldap_ng/files/logos/hoppscotch.png | Bin 0 -> 2093 bytes roles/lemonldap_ng/files/logos/rallly.png | Bin 0 -> 5829 bytes roles/nomad_bin/defaults/main.yml | 4 +- roles/ntp_client/defaults/main.yml | 8 +- roles/pbs/tasks/services.yml | 1 - roles/penpot/defaults/main.yml | 4 +- roles/pve/defaults/main.yml | 5 - roles/pve/tasks/facts.yml | 8 -- roles/pve/tasks/main.yml | 113 ------------------ roles/pve/tasks/zabbix.yml | 2 +- roles/repo_zabbix/tasks/Debian.yml | 1 + roles/squash_tm/defaults/main.yml | 4 +- 13 files changed, 13 insertions(+), 138 deletions(-) create mode 100644 roles/lemonldap_ng/files/logos/hoppscotch.png create mode 100644 roles/lemonldap_ng/files/logos/rallly.png delete mode 100644 roles/pve/tasks/facts.yml diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml index 7ebb06d..b77f673 100644 --- a/roles/common/meta/main.yml +++ b/roles/common/meta/main.yml @@ -6,6 +6,7 @@ dependencies: - role: repo_base when: ansible_os_family == 'RedHat' - role: network + when: (net_hosts is defined and net_hosts | length > 0) or (net_if is defined and net_if | length > 0) - role: iptables when: iptables_manage | default(True) - role: zabbix_agent diff --git a/roles/lemonldap_ng/files/logos/hoppscotch.png b/roles/lemonldap_ng/files/logos/hoppscotch.png new file mode 100644 index 0000000000000000000000000000000000000000..3df4fd458e513366a747622ee8d867399c45e997 GIT binary patch literal 2093 zcmV+|2-5e7P)EX>4Tx04R}tkv&L4Q5c4wdo2=C8ghtexPvv-QW3S41rivD8E7?hf6@f+P42zY z;uy3F4gD-x4K2;JHnavo&<{j&LsL;p#EqkZ64|$$hxdH%$NAm^aD1BUE$W(lMRp=))16`ZTFEM|u7RB{I7FregGSZiT@-8MlU10sfL86cprBDAPXU)<@>nQ1B#9AikVi*h zmJLkQnji58zq56+qa*c6!6@ zp?eF?ubP^+3m4na`&d+MwI=xhIh%#IQwU|C=LQ1H_1qfwoZLgI4DoB&KY+m;bg#78 z+uxeozdeooegK!PaNC zZ*1Ir)OC_#J86`X1|@Cz2&hH0m=6gF6a{!G;)y3D1QIe5Ji$wa5aKB>ydWY(pn!m) zsI(z&)Ff3*f~`0;O{gJF;!k3Gc6aXKVRm-r&TLkiotbmb*FERl|2ZS1e74H{<^wX4c zjHZo|r6>HFl_8@?SfX_mxcTx*`uJJJWpF(-AR}iUPSc%|?%meB|YFZQYD`rQXuFROHhxW4xC(#zjam z%>DcfsoFEsaqeF$yRvNhSOne8FTUx5j0N|0ZsEbdXl>p^MbFUdtAm?PV=5? ziq_7V_+3Ge=88H?t-AoCyM2_NTy$ttJffK}#ylBX&RS~Mv5ur@dwhpCeh|qk(&l@) zgnecL9UDQb6+kfeR*`G}Le9;==4O(LRw5*Sf;6%t#hrtiD>T|vx9?%U_$>9wk3eS; z#6+i9BzhJDwK~P$zYf3rGgzGBR7jtI)&`}xW4mSn$38wx_?e^Va6fdFFl$@b&LX;F z5Lw%x@TUvNo7Z6RZlr5x6^_GVn>IlfBz(S zKC%%&EhK!T3Z)|6#X0MNkfxf-#bd_^T*NCuV!jMS~?_3qPlRg zz8MvGZ&w1dzCrhop#41wyf)XgT1mZ2vsk06KKUGYUQ`dNV6`cqJe#yKR55?O3>yKB zFMR?X8H}7cGDiKS&(Zkd*OMJI9Wkd~q2mvKgRPpY+$v#L8Trsy%4u9n1No*ofTyIs+-BsB9~_IUOkW3VF-7A0DP~Rd&OT` zhRd@L=x~DPZ!1qZO$9;zvxK>M8+&wu@aZRzQU~6tKO*O^CI~rP#h&~WvK7Gl%Scc| zF3#bfoyH75j2#>RwaCT>^4i5b(l*~czq>q@07tSjSzN-qIES5h6nkhN_Sk_4a2D@@ zDEje3)L;A<`sCwyXI@J-wHY9=e|r{||K|XK=a)OD9@w{Ihu*u3eR33fx?5Fj`??7akE5S_ z3hD1b?%ziim+;SB#=CF@`Nu+}VyljKcZu-uI3@^?nHx?SrhrJCjut^jlWs!_KlwHF z?|udC?M_8Yv7IIC@gs2j2xfT=Z*~EhzlB;wRyUwj!0y`xjRqRjqa&K$W2xG&tybA) z{L=KqJNOXcOOu47J2H){sj(hH!Ee*D6|=IA|ASM=>U{@ErBtnGYJ6@xhH1Jcj6o-M zVGr#^tNq|LkL{&dWcJ_aPzBxl2)exj#R3?EymtpPeGN7PH@$$A1}d7&a}RbR>SXRW zfHQ1nCnb^0m`AP^1Nf@CB1m6r>d~eXnja+Ezon=`G6%#>OJk?BHH5_cs?AS9x zrP5OpdmW_e)+> zW;C>Y-*;qNk*U+r6U@)Ac>s+dSnxZFf5-4VNI8#)Z6@1HS93pSzt1<* z%flI=qN@Uf!4M1=2OsDkDZ7;6(62Z)_ALyi=oRZ1DDeTJkV27w!wmSpZk`#!~J5J>R#=C|iwzT~}J(!f6QxjG)X_iP9r}x~c?4R$O4{KW3-mu3Qsp ziiPwJ=Dt@A%Y9sODlW3N$I#wuc8Rx1>aS1K#z)m5!*M2K7gl(F=&8S^5dM9|_ns-G zg_yhV_b>C9`V0BIqv`&SHT*M05*6k{%*=YEp!(o3H=A0ocR!Cj%^W#&;?Rx>PU2K~ zMzGd%;K!Cib*tk%y@oeh`XOd&p6YA0n^L3~%bztHD+~tZmv3nN5$BHZJU;4Gv-!hR zeVoIF);rhL=?7QF|1x&f>gs^2dVH7upIh7BTc?!w{J8h|y?fftw_oc74{B%*MN=ch zU|B;z5%avI(tQ-$Y4C7z%f>$}*%6MWmBp(SqsH%O4d_}=KD}&EkJ%ERmYMv^np-Jn zmtJsZopw07E&=FEI4pV$XJ-zl(6HO8CQnO}M4&CPp`TBRCl)+g4Eeb|u|q|#>) zc}pcyvw6pjtjylsDTs{8U2y-+NrH(d#9biL#NzH{ho$o0Rb`+)6l=Yd&ucU(s)g58 z`NHfJI^|hbi{y&Z&%bOl*z{B1n#1rUyqmL}x14-%s&3X#4f@Fk+WZcjJiEQrD3!N2 zo?wAA)b|G9srUvJ`e7SgHA+sJafZvXV}S(X zWj4i|NpNT2xR-K#T3U}AQl9)nM~$-5bgP|a0JDv0d~|EJHPP=}#ZGD7PJYLgQ;C%i zDuZ0nQT^GQXp$EdVbz7Pt6ijx{8Ym=OIBI7|F&}Hy3*~Vf}*FM9ifIqopC!v?Rk=B zLY3C>V{%wgMfr=t6i%fzFATOUVMg3r~I;jean>K0>M5Qq^>A zsBYI3g@w=B+X(p+-l6nsmJxo znME8fv467D*YHq#_mKERYoB4v3w!6bNn_{W+}}+1cc)jf)Xat-S9zR?P#JCym*&Qt zept5dSpHD8pdNAOK8fs~j&yyDY#BUco+~(*@IudH$;Gnf+v%Hovp-Oc60{NGH0x3X z_lC_f>A_7pcLJ2}7rLgUweP)O$o##`8KI4pj$Uo+P<%$q=;ghWnyxH#T5Fx@cJlm{ zr@ozkTo^21j3i`t-oIDk@+jAId@*BvU9L_5!QSSC;cj$jdKsyy236dZKjcyc{zadB z5_RL}aOr6!$6XW2gFky?H!A+Fb97M8AbqO7VmQybcEEgHVo=Sfs7gCLb*k>jsXXk^ zACByN?Ylwy6+>p75tnLnkcK*I=n;oftDNlg&xQ_4@H_OY9yUs6&N-KNJx}P@BSl!) zmY4#CoAdKV;oT*%`vdA~I^Bj!>i_y>^`q~apCX3(fVXudHD=Ce@$^JWa8~`q*|ud(X$^8wf{ly*ia1l&)+Lky3V+G-L33Aa`p2YlEy&UW?N0z1ZW$B&D7W?^ty5 z?Ai%T#$&fuO9ra zk18(J&d>=ZN)p=@#@t8i+8=9IsvzE*1tHMQQp-v>y;a>oZ13ysdhe3xa%p34W<%bkj)AKWg9oOo#lc@tD0vEj<9PB)3>Q%i+@r&6&8`OJinyEjFUd%CxQ=R ziw3s@h5_-9Ea|Hkq0+fJ$TP#?%I2z;s>XG%JSqTT^Omg|)KS+LHRFs%6NzfE5NxkW4Uy%cr5nYOkS?Ts93AKy=5t3+=&Bu1l;4^o{lK zW5tHCC~TCCwTe|V6$0Ra5&#*^3+Ice(KOT?E)}|$i7_bToQfojh6;4|LfQ*NAd+BC zFvp@Dqq&iIl(h=dO2p<+eH@%VLO@S6RH#HEq+&2pQBmem7Ulv`2nI)?P%v0L29HNW z8fbA0Ujjs<`QkM)hg%YlSkCb5oOhJT%hC)H($WQU{gzoO2;rZf^EI@o< zq5&ZWXO6}2c$kG2Vu@oU1oAPUe`_K3gI*ReKA>0-A!31!ksx2PW+4Qd_1Rt+Aqt;M zht0x(;UEuE6+>QeU$}H;xO;uJkWmoAKj^^8v$TVehm zCsuO`3z`gMH!p*l7t{+epPS)F&Y*bzm!FSw@xOF|M1FJfRs4RV>lAU#0x5y8df)sr-GM0{PHeP!x1nn$>WoLkBH5)79AlHY@uU)txy4NfrxTg2XVG zs+R1MgXQIGLqa79!`)Hoxw0C9Le$^4Y6dz-KW8}5{Q_@{2U$iuasg~xjmcK%MU zTb2~qQ;UAAcfICrzV~$6J=@X|WvualKeL0bR47p1Y8(?6e@3|C=EEg&!wr>tqWpPr zo^SO77)^H`7w{WxFNez?vbuTHb~jq1UxB(}Oc_ZWQpGOrkk3d9?3qRv3gnB=d2b8} z&hRO=uCj}6JkfmdnWl~Zipu1S>$1BDUARV^W!lB>`=KVidnV& z>a1Kh`TNeHey4!t1xLzY#Qs$X)J?&<*t^0Rr^}23Nyh#8f5ECZ^(FsPIr^#6v$n!( blj^;= 6 -# as it's built in the kernel -- name: Do not load nf_conntrack_proto_gre for PVE6 - set_fact: pve_mod_to_load={{ pve_mod_to_load | difference(['nf_conntrack_proto_gre']) }} - when: ansible_distribution_major_version | int >= 10 - tags: pve diff --git a/roles/pve/tasks/main.yml b/roles/pve/tasks/main.yml index 6d15ef2..b15b1e5 100644 --- a/roles/pve/tasks/main.yml +++ b/roles/pve/tasks/main.yml @@ -1,22 +1,13 @@ --- -- include_tasks: facts.yml - tags: always - - name: Install tools apt: name: - - pigz - ksm-control-daemon - - openvswitch-switch - ethtool - patch tags: pve -- name: Deploy vzdump config - template: src=vzdump.conf.j2 dest=/etc/vzdump.conf - tags: pve - - name: Deploy ksm configuration template: src=ksmtuned.conf.j2 dest=/etc/ksmtuned.conf notify: restart ksmtuned @@ -26,70 +17,6 @@ service: name=ksmtuned state={{ pve_ksm | ternary('started','stopped') }} enabled={{ pve_ksm | ternary(True,False) }} tags: pve -- name: Configure modules to load - copy: content={{ pve_mod_to_load | join("\n") }} dest=/etc/modules-load.d/firewall.conf - register: pve_modules - tags: pve - -- name: Load modules - service: name=systemd-modules-load state=restarted - when: pve_modules.changed - tags: pve - -- name: Check proxmox cluster status - command: pvesh get /cluster/status --output-format=json - register: pve_cluster_status_1 - ignore_errors: True - changed_when: False - tags: pve - -- name: Parse proxmox cluster status - set_fact: pve_cluster={{ pve_cluster_status_1.stdout | from_json }} - when: pve_cluster_status_1.rc == 0 - tags: pve - -- name: Check proxmox cluster status (old pvesh) - command: pvesh get /cluster/status - when: pve_cluster_status_1.rc != 0 - register: pve_cluster_status_2 - changed_when: False - tags: pve - -- name: Parse proxmox cluster status (old pvesh) - set_fact: pve_cluster={{ pve_cluster_status_2.stdout | from_json }} - when: pve_cluster_status_1.rc != 0 - tags: pve - -- name: Deploy the unlock_dev script - copy: src=unlock_dev dest=/usr/local/bin/unlock_dev mode=755 - tags: pve - -- name: Check if the old hookd daemon is installed - stat: path=/usr/local/bin/pve-hookd - register: pve_old_hookd - tags: pve - -- name: Stop the old hookd daemon - service: name=pve-hookd state=stopped - when: pve_old_hookd.stat.exists - tags: pve - -- name: Remove the old hook daemon - file: path={{ item }} state=absent - loop: - - /usr/local/bin/pve-hookd - - /etc/hooks - - /etc/systemd/system/pve-hookd.service - - /etc/tmpfiles.d/pve-container-hooks.conf - - /etc/systemd/system/pve-container@.service.d/pve-container-hooks.conf - - /var/run/lxc/active - tags: pve - -- name: Reload systemd - command: systemctl daemon-reload - when: pve_old_hookd.stat.exists - tags: pve - - include_tasks: pve_online.yml when: pve_online == True tags: always @@ -113,26 +40,6 @@ notify: restart pveproxy tags: pve -- name: Rise limits for containers - pam_limits: - domain: '*' - limit_type: "{{ item.type }}" - limit_item: nofile - value: "{{ item.value }}" - loop: - - type: soft - value: 65000 - - type: hard - value: 65535 - tags: pve - -- name: Rise inotify instances - sysctl: - name: fs.inotify.max_user_instances - value: 1024 - sysctl_file: /etc/sysctl.d/ansible.conf - tags: pve - - name: Ensure dehydrated hook dir exists file: path=/etc/dehydrated/hooks_deploy_cert.d/ state=directory tags: pve,ssl @@ -141,26 +48,6 @@ template: src=dehydrated_hook.sh.j2 dest=/etc/dehydrated/hooks_deploy_cert.d/20pve.sh mode=755 tags: pve,ssl -# See https://bugzilla.proxmox.com/show_bug.cgi?id=2326 why -- name: Create corosync override directory - file: path=/etc/systemd/system/corosync.service.d/ state=directory - tags: pve - -- name: Setup corosync to be restarted in case of failure - copy: - content: | - [Service] - Restart=on-failure - RestartSec=1 - dest: /etc/systemd/system/corosync.service.d/ansible.conf - register: pve_corosync_unit - tags: pve - -- name: Reload systemd - systemd: daemon_reload=True - when: pve_corosync_unit.changed - tags: pve - - include_tasks: zabbix.yml tags: always diff --git a/roles/pve/tasks/zabbix.yml b/roles/pve/tasks/zabbix.yml index 44b98be..997a126 100644 --- a/roles/pve/tasks/zabbix.yml +++ b/roles/pve/tasks/zabbix.yml @@ -12,5 +12,5 @@ user: root job: "/var/lib/zabbix/bin/util_populate_pve_cache" minute: "*/5" - state: "{{ (pve_zabbix_cache and pve_zabbix_scripts.stat.exists) | ternary('present','absent') }}" + state: "{{ (pve_zabbix_cache and pve_zabbix_scripts.stat.exists and pve_zabbix_cache) | ternary('present','absent') }}" tags: pve,zabbix diff --git a/roles/repo_zabbix/tasks/Debian.yml b/roles/repo_zabbix/tasks/Debian.yml index 9c99d8e..b654afc 100644 --- a/roles/repo_zabbix/tasks/Debian.yml +++ b/roles/repo_zabbix/tasks/Debian.yml @@ -18,4 +18,5 @@ # Zabbix plugin repo doesn't have bookworm yet, so use bullseye for now in this case repo: deb http://repo.zabbix.com/zabbix-agent2-plugins/1/{{ ansible_distribution | lower }} {{ (ansible_distribution_major_version is version('12', '>=')) | ternary('bullseye', ansible_distribution_release) }} main filename: zabbix + state: absent tags: repo,zabbix diff --git a/roles/squash_tm/defaults/main.yml b/roles/squash_tm/defaults/main.yml index b3c1926..730297a 100644 --- a/roles/squash_tm/defaults/main.yml +++ b/roles/squash_tm/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version of Shash TM to install -squashtm_version: 7.1.0 +squashtm_version: 7.2.0 # Archive URL which will be downloaded during install/upgrades squashtm_archive_url: https://nexus.squashtest.org/nexus/repository/public-releases/tm/core/squash-tm-distribution/{{ squashtm_version }}.RELEASE/squash-tm-{{ squashtm_version }}.RELEASE.tar.gz # Expected checksum of the archive -squashtm_archive_sha256: 2b61241782a38af287ca09f500bd90b3a4c6c06857129370e45fda6c3ad4e6f2 +squashtm_archive_sha256: 73f64a445f57cfca5e35fe93193261d5ef1fecba1132c8764adce3af1156b4ad # Should ansible handle upgrades ? (if False, only initial install and configuration will be done) squashtm_manage_upgrade: True