Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reborn in 2020 #26

Open
wants to merge 187 commits into
base: master
Choose a base branch
from
Open

Reborn in 2020 #26

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
187 commits
Select commit Hold shift + click to select a range
d802e3b
connection/ssh_lxc.py: new ssh_lxc interface (0)
zolfariot Mar 31, 2020
33e4e69
connection/ssh_lxc.py: new ssh_lxc interface (1)
zolfariot Mar 31, 2020
26b09fb
migrate playbook: lxc_ssh.py -> ssh_lxc.py
zolfariot Mar 31, 2020
8347980
prepare_host.yaml: use python3 packages
zolfariot Mar 31, 2020
0a38ff2
roles/ca: new apt multipackage ansible style
zolfariot Mar 31, 2020
2720707
roles/ssh_server: missed step in ssh_lxc migration
zolfariot Mar 31, 2020
d361806
roles/service: new apt multipackage ansible style
zolfariot Mar 31, 2020
c760358
library/ssh_cert.py: make it works with python3
zolfariot Mar 31, 2020
0181f31
updated requirements and MIGRATION.md explanations
zolfariot Mar 31, 2020
1ca84a3
prepare_host.yaml: new apt pkg style and tab fixed
zolfariot Mar 31, 2020
1ca9f81
roles/ssh_server: multi key and OpenSSH v8 support
zolfariot Apr 3, 2020
9e72163
library/gen_passwd.py: from Python 2 to 3
zolfariot Apr 3, 2020
69e68b8
connection/ssh_lxc.py: new invocation method
zolfariot Apr 3, 2020
4ae60f5
roles/lxc_guest: improved syntax and upgrades
zolfariot Apr 3, 2020
6e85719
roles/ldap: phamm.schema now provided locally
zolfariot Apr 3, 2020
d01553a
Update MIGRATION.md
zolfariot Apr 3, 2020
cbf22c8
roles/lxc_guest: xfs fixed
zolfariot Apr 5, 2020
4440954
roles/ldap: remove unused debconf entry for phamm
zolfariot Apr 5, 2020
dc7ed8a
roles/lxc_guest: minor refactoring
zolfariot Apr 17, 2020
32e9eeb
connection/ssh_lxc: new style for containers
zolfariot Apr 17, 2020
9a24a52
library/cert_request.py: fix tls request
zolfariot Apr 17, 2020
da88337
roles/ldap: super-refactoring and TLS support.
zolfariot Apr 17, 2020
9f51ed2
roles/gitlab: move to omnibus release
zolfariot Apr 17, 2020
efff1e6
role/ssh_server: remove hardcoded lilik.it
zolfariot Apr 17, 2020
e007dc0
group_vars/all.yaml: new example file
zolfariot Apr 17, 2020
8720df1
Documentation for refactored roles
zolfariot Apr 18, 2020
5631ae6
style and variables refactoring
zolfariot Apr 22, 2020
0f75220
Force TLSv1.3 when feasible
zolfariot Apr 22, 2020
e8622f5
ca_manager: refactor signing request
zolfariot Apr 22, 2020
d44c630
roles/gitlab: initial_root_password
zolfariot Apr 22, 2020
75260ba
roles/ldap: configuration improvements
zolfariot Apr 22, 2020
c99cb8a
reverse_proxy: use PROXY PROTOCOL
zolfariot Apr 22, 2020
c967ffd
roles/nextcloud: first commit
zolfariot Apr 22, 2020
cd5dcf2
roles/gitlabe: gitlab mattermost added
zolfariot Apr 23, 2020
392edde
roles/openvpn: updates and improvements
zolfariot Apr 23, 2020
c6af4ff
roles/matrix-synapse: upgrade, postgres, ...
zolfariot Apr 26, 2020
eb4c535
roles/nginx: proxy_protocol support
zolfariot Apr 26, 2020
410f718
roles/gitlab: proxy_protocol support
zolfariot Apr 26, 2020
1b3f7b8
roles/reverse_proxy: proxy_protocol and random fix
zolfariot Apr 26, 2020
cea0a71
roles/nginx: fix indentation in templates
zolfariot Apr 27, 2020
780a938
roles/nginx: security improvements
zolfariot Apr 27, 2020
fc9fdd7
roles/matrix-synapse: got federation working
zolfariot Apr 28, 2020
24aa112
port_forwaring: new role!
zolfariot Apr 28, 2020
bf39363
roles/coturn: new role!
zolfariot Apr 28, 2020
0322029
roles/matrix-synapse: add coturn integration support
zolfariot Apr 28, 2020
dc1479d
roles/gitlab: configure ocsp stapling correctly
zolfariot Apr 28, 2020
5dfba27
roles/service: tags and style refactoring
zolfariot Apr 28, 2020
bfb1ed9
roles/service: migrate to openwrt-init
zolfariot Apr 28, 2020
a38f930
roles/ssh_server: add tags
zolfariot Apr 28, 2020
a2dfb4c
roles/ssh_server: fix error on waiting for...
zolfariot Apr 28, 2020
f5b7d0f
updated playbooks
zolfariot Apr 28, 2020
cabcf49
library/uci: module required by port_forwarding
zolfariot Apr 28, 2020
322f876
roles/ca: temporary user unstable ca_manager branch
zolfariot Apr 28, 2020
33b61bf
roles/openvpn: add defaults
zolfariot Apr 28, 2020
f47d64b
updated group_vars/all.yaml example file
zolfariot Apr 28, 2020
43291bb
roles/nginx: no tag on service and server_name explicit
zolfariot Apr 29, 2020
bfa15d6
roles/reverse_proxy: flush handlers before contiuing
zolfariot Apr 29, 2020
23e8015
roles/reverse_proxy: fix http redirect with multiple server_names
zolfariot Apr 29, 2020
b1d583d
roles/certbot: allow duplicated instances
zolfariot Apr 29, 2020
b0f9c97
roles/riot-web: updated and tested
zolfariot Apr 29, 2020
81a6bae
roles/ldap: typos in configuration
zolfariot Apr 29, 2020
7d251ab
roles/ldap: do not enforce ssf if tls disabled
zolfariot Apr 29, 2020
7535c4a
roles/nextcloud: add ldap tls opt-out settings.
zolfariot Apr 29, 2020
0302301
roles/cotainer_file_read: port to Python 3
zolfariot Apr 29, 2020
330b914
roles/ldap: fix typo
zolfariot May 1, 2020
3a6781a
roles/nextcloud: version variable
zolfariot May 1, 2020
5c42bb0
roles/icinga2: ldap and configuration refactoring
zolfariot May 3, 2020
a14cae4
roles/icinga2: fix nginx configuration
zolfariot May 3, 2020
ab52b48
roles/icinga2: improve pgsql configuration
zolfariot May 3, 2020
21b7a65
roles/icinga2: config backend ini -> pgsql
zolfariot May 3, 2020
4ada766
icinga2/roles: create conf.d/hosts dir
zolfariot May 3, 2020
390ba2b
roles/postgresql: move to python3
zolfariot May 3, 2020
1a2e4e5
roles/icinga2-monitoring: new monitored facts format
zolfariot May 3, 2020
a03c60c
roles/icinga2-monitoring: https vhost configuration
zolfariot May 3, 2020
da6eec7
roles/lxc_guest: new monitoring format
zolfariot May 3, 2020
83a7299
roles/gitlab: new monitoring format
zolfariot May 3, 2020
83bc4f1
roles/nginx: new monitoring formats
zolfariot May 3, 2020
a043cf0
Give Variable a Scope Refactoring
zolfariot May 4, 2020
4029ad2
Use static import instead of dynamic include
zolfariot May 4, 2020
db69a1f
add missing tasks name
zolfariot May 5, 2020
956852d
fixup! Use static import instead of dynamic include
zolfariot May 5, 2020
fafcb71
fixup! Give Variable a Scope Refactoring
zolfariot May 6, 2020
bc06838
lxc guest playbooks - common task files
zolfariot May 6, 2020
e46dc3c
roles/monitoring_agent: new role !
zolfariot May 6, 2020
dfc2d06
roles/icinga2: allow remote ssh agents
zolfariot May 6, 2020
905928c
roles/icinga2-monitoring: allow remote ssh agents
zolfariot May 6, 2020
a1befa9
roles/gitlab: advanced http monitoring
zolfariot May 6, 2020
fb7f660
roles/matrix-synapse: advanced http monitoring
zolfariot May 6, 2020
6722f63
roles/nginx: advanced http monitoring
zolfariot May 6, 2020
9a7f89b
roles/nextcloud: advanced http monitoring
zolfariot May 6, 2020
2453c02
roles/riot-web: advanced http monitoring
zolfariot May 6, 2020
3d25d8f
roles/icinga2-monitoring: allows advanced http mon
zolfariot May 6, 2020
9492565
roles/service: fix opkg installation
zolfariot May 6, 2020
9d250a3
prepare_host: fix typo in xfs module
zolfariot May 6, 2020
6234240
roles/nextcloud: use version-agnostic php packages
zolfariot May 6, 2020
c03b9af
roles/ca_cert: new role!
zolfariot May 7, 2020
4d48fd1
roles/icinga2: issue client ssh key for icinga user
zolfariot May 7, 2020
ab3d23f
fixup! roles/service: fix opkg installation
zolfariot May 7, 2020
b963521
prepare_host: add monitoring agent
zolfariot May 7, 2020
9cf3c87
roles/reverse_proxy: better handling of multi names
zolfariot May 8, 2020
a848d61
safer password handling in ldap and nextcloud
zolfariot May 8, 2020
e92c42c
roles/nextcloud: fix reverse proxy for webdav
zolfariot May 16, 2020
9ce361f
roles/nextcloud: php-fpm settings optimization
zolfariot May 16, 2020
265d70c
roles/nextcloud: typos and deprecations
zolfariot May 16, 2020
6eb3fd6
roles/nextcloud: ldap groups memberof overlay fix
zolfariot May 16, 2020
267ff56
roles/ca_cert: custom algorithm and broker chain
zolfariot May 16, 2020
a3dd2cc
roles/ldap: add servers
zolfariot May 16, 2020
2754e1b
roles/ldap: fix logging
zolfariot May 16, 2020
2c3d068
roles/ldap: fix acl to add user to groups
zolfariot May 16, 2020
599e0b8
roles/lxc_guest: add unprivileged support
zolfariot May 16, 2020
80f8f61
roles/icinga2: new templates configuration
zolfariot May 16, 2020
6db052e
monitoring: new host template
zolfariot May 16, 2020
0d032a9
fixup! roles/nextcloud: ldap groups memberof overlay fix
zolfariot May 16, 2020
def1bfe
roles/icinga2: fix for debian bullseye
zolfariot May 16, 2020
6ddf490
monitoring: increased max proc for lxc host
zolfariot May 16, 2020
5488494
prepare_lxc_guest: added vm_size var
zolfariot May 16, 2020
b478954
roles/dns_record: use full fqdn in hosts file
zolfariot May 16, 2020
d2ef029
fixup! monitoring: new host template
zolfariot May 16, 2020
423ea9a
roles/gitlab: update cache after apt
zolfariot May 16, 2020
d867438
roles/nextcloud: use ldap username instead of uuid
zolfariot May 18, 2020
3707cf0
roles/ldap: prepare for bump to ansible 2.10
zolfariot May 18, 2020
19f0753
roles/certbot: add alternate fqdns variable
zolfariot May 27, 2020
80b5d67
roles/certbot: zero downtime, reload only
zolfariot May 27, 2020
041a842
roles/ca_cert: role variable scope
zolfariot May 27, 2020
8e84130
roles/dns_record: add host default
zolfariot May 27, 2020
caa2cba
roles/nginx: add alternate fqdn variable
zolfariot May 27, 2020
e838349
roles/nginx: add tls 1.2 support
zolfariot May 27, 2020
4ce0465
roles/nextcloud: add alternate fqdns support
zolfariot May 27, 2020
26097f8
roles/lxc and prepare host: apt autorefresh
zolfariot May 27, 2020
6a8ed99
prepare_host: typo
zolfariot May 27, 2020
aac0856
roles/nextcloud: fix folder permission
zolfariot May 27, 2020
11fc503
roles/ldap: test_user instead of pippo
zolfariot May 27, 2020
78dfe48
roles/ldap: add syncrepl support
zolfariot May 27, 2020
4221233
roles/icinga2: ssh control persist and ldap checks
zolfariot May 27, 2020
cf34d95
roles/ldap: monitoring fact added
zolfariot May 27, 2020
35bc300
roles/etherpad: new role !
zolfariot May 27, 2020
ca11d57
roles/onlyoffice: new role !
zolfariot May 27, 2020
3f8db5c
roles/ldap: improved log and repl fix
zolfariot Jun 5, 2020
db3c300
roles/coturn: use only loopback topology
zolfariot Jun 5, 2020
5278d25
roles/icinga2: improved web service syntax
zolfariot Jun 5, 2020
5efe297
roles/icinga2: support for backup ldap servers
zolfariot Jun 5, 2020
48a3657
roles/lxc_guest: add support for alpine linux vm
zolfariot Jun 5, 2020
e6f1e96
roles/coturn: add support for alpine linux
zolfariot Jun 5, 2020
507072b
roles/icinga2: add dns monitoring for web services
zolfariot Jun 5, 2020
849e99d
roles/nextcloud: bumps to .5 and php 7.4
zolfariot Jun 5, 2020
454bf96
roles/nextcloud: ldap tunings
zolfariot Jun 5, 2020
cec0b7c
roles/borg[server|repo]: new roles!
zolfariot Jun 5, 2020
b01feab
backup status monitoring
zolfariot Jun 5, 2020
fd02d01
roles/onlyoffice: fix to run 5.5.3
zolfariot Jun 5, 2020
21ca2fb
roles/service: linux alpine support
zolfariot Jun 5, 2020
2fe5d4f
playbook ldap with replication
zolfariot Jun 5, 2020
41ed7f2
playbook status with ldap mirror
zolfariot Jun 5, 2020
e095830
playbook nextcloud with onlyoffice and backup
zolfariot Jun 5, 2020
f01b9fc
prepare_lxc_container: var to skip ssh config for thin vm
zolfariot Jun 5, 2020
1ea9cab
playbook to upgrade os package managers
zolfariot Jun 5, 2020
de3e0ac
bulk playbooks renaming
zolfariot Jun 11, 2020
996ee61
roles/ldap/acl: rules for group (non root) sub-admins
zolfariot Jun 11, 2020
e6e5388
ldap: use `uid` instead of `cn` for usernames
zolfariot Jun 11, 2020
2b068f1
host/gitea: add backup configuration
zolfariot Jul 4, 2020
14dbd20
roles/icinga2: read ldap secret from config file
zolfariot Jul 4, 2020
1627979
roles/icinga2: update to php7.4
zolfariot Jul 4, 2020
375d1db
roles/riot-web: update to 1.6.8
zolfariot Jul 4, 2020
96aba4b
roles/*: tags refactoring
zolfariot Jul 4, 2020
a76d3c0
roles/matrix-synapse: better ldap integration
zolfariot Jul 4, 2020
e9fd8f7
roles/matrix-synapse: update to debian bullseye
zolfariot Jul 4, 2020
ba31d46
roles/gitea: new role!
zolfariot Jul 4, 2020
f160a4c
roles/nextcloud: bump to 19.0.3
zolfariot Sep 22, 2020
6c9e2fb
roles/riot-web: bump to 1.7.15, add tags
zolfariot Dec 13, 2020
a34c5fe
roles/nextcloud: bump to 20.0.3
zolfariot Dec 13, 2020
c112650
roles/port_forwarding: add prefix to var names
zolfariot Dec 13, 2020
7d08549
roles/lxc_guest: enable unattented upgrade
zolfariot Dec 13, 2020
c20cd34
roles/lxc_guest: fix: wrong indent
zolfariot Dec 13, 2020
e14b940
roles/gitea: customizable ssh port
zolfariot Dec 13, 2020
0ae3508
roles/coturn: use new port_forwarding var prefix
zolfariot Dec 13, 2020
2fd28f9
roles/borgrepo: encryption and multi-remote, to test
zolfariot Dec 13, 2020
65b4164
roles/gitea: bump to 1.13.0
zolfariot Dec 17, 2020
d96c1a9
roles/nextcloud: bump to 20.0.4
zolfariot Dec 24, 2020
8b4fc58
playbooks: enable proxy protocol forwarding
zolfariot Dec 24, 2020
7c8cdbc
playbooks/matrix-synapse: increase VM size
zolfariot Dec 24, 2020
c2a8e42
playbooks/matrix-synapse: set VM as unprivileged
zolfariot Dec 24, 2020
5d5638e
playbooks/matrix-synapse: add custom configuration values
zolfariot Dec 24, 2020
e911151
playbooks/matrix-synapse: configure backup
zolfariot Dec 24, 2020
734787b
roles/gitea: bump to 1.13.1
zolfariot Jan 15, 2021
9d9d6c5
roles/lxc_guest: make ansible --check mode works
zolfariot Jan 15, 2021
17e409a
roles/lxc_guest: fix apparmor/lxc/systemd incompatiblity
zolfariot Jan 15, 2021
6b7b1ef
roles/nextcloud: bump to 20.0.5
zolfariot Jan 15, 2021
c848e7e
roles/borg(repo,server): change default user
zolfariot Feb 17, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions MIGRATION.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
# State of migration of each role

Each new role will be tested against:

On the controller:

- `python==3.7.3` (Debian Stable)
- `python==3.8.2`
- `ansible==2.9.6`

On the hosts:

- `python==3.7.3`
- `debian==buster` (physical hosts and containers)
- `openwrt` (firewall)

# Current status

## Roles

| Role name | Modified? | Tested? | Production? | Notes |
|---------------------|:---------:|:--------:|:-----------:|--------------------------------------------------------------------|
| `roles/service` | **YES** | **YES** | NO | New `apt` module style for packages. |
| `roles/ssh_server` | **YES** | **YES** | NO | `lxc_ssh.py` --> `ssh_lxc.py`, multi-key support. |
| `roles/ca` | **YES** | ReadNote | NO | New `apt` module style for pacakges. Works with this [ca_manager]. |
| `prepare_host.yaml` | **YES** | **YES** | NO | Migrate Debian release to Buster and Python 2 to 3. |
| `roles/lxc_guest` | **YES** | **YES** | NO | Updated Debian and LXC. |
| `roles/ldap` | **YES** | **YES** | NO | `phamm.schema` now provided locally. |
| `roles/nginx` | NO | NO | NO | |
| `roles/projects` | NO | NO | NO | |
| `roles/dns_record` | NO | NO | NO | |
| `roles/openvpn` | NO | NO | NO | |


## Plugins and Modules

| Plugin/Module name | Modified? | Tested? | Production? | Notes |
|------------------------|:---------:|:---------:|:-----------:|-----------------------------|
|`connection/lxc_ssh.py` | *REMOVED* | | | |
|`connection/ssh_lxc.py` | **NEW** | **YES** | NO | Replace `lxc_ssh.py`. |
|`library/ssh_cert.py` | **YES** | **YES** | NO | Migrate Python 2 to 3. |
|`library/gen_passwd.py` | **YES** | **YES** | NO | Migrate Python 2 to 3. |

[ca_manager]: https://github.com/LILiK-117bis/ca_manager/tree/peewee3%2Brfc5280
Loading