/
Ansible Roles in SEAPATH

Ansible Roles in SEAPATH

This content is archived.
Out of date. Will be replaced by a proper description of each roles
Learn more

The full Ansible roles documentation for the latest release of SEAPATH is available on Ansible Galaxy.

Warning

This below configuration might be deprecated and needs to be reviewed.

Debian role

The scripts and binaries are installed in the /usr/local/bin directory. The override of systemd service are installed in /etc/systemd.

  • Installs python3-setup-ovs (sources here) with its service votp-config_ovs and enables it.

  • Installs vm_manager (sources here).

  • Installs backup-restore (sources here).

  • Installs script to get a console of a virtual machine.

  • Configures vim.

  • Installs a SEAPATH resource agent

  • Configures syslog-ng. If specified, installs certificates, keys and CA.

  • Configures the libvirtd and pacemaker services.

  • Sets the UID and GID to 902 for the SNMP user.

  • Configures SNMP daemon and service. Installs scripts to get back the machine's status.

  • Remove the virtu user if needed.

  • Installs sudo's fragment for the SNMP user.

  • Configures the systemd's journal.

  • Configures an admin user with its group and sudo's fragment.

  • Adds a live-migration user.

  • Adds panicreboot and bridge_nf_call rules to the kernel.

  • Adds br_netfilter and raid6_pq modules to the kernel.

  • Configures AppArmor.

  • Configures the network with systemd.

  • Configures the environment and the hosts.

  • Configures the hddtemp.

  • Configures the package manager.

  • Configures libvirtd.

  • Configures GRUB.

Hypervisor role

  • Enables the docker service.

  • Adds vhost_vsock module to the kernel.

  • Installs the votp-taskset with its service.

  • Adds schedrt rules to the kernel.

  • Adds modules to the kernel specified by sriov_driver.

  • Adds sriov rule to the kernel.

  • Configures GRUB.

  • Configures tuned.

  • Configures systemd.

  • Configures slices of systemd.

  • Configures ovs-vswitchd service.

  • Installs ptp_status with its service.

Debian-hardening role

  • Create ansible and privileged group.

  • Configures parameters of the kernel.

  • Updates the coredump, kexec and binfmt_misc rules to the kernel.

  • Installs sysctl-hardening and network-hardening rules to the kernel.

  • Adds nf_conntrack module to the kernel.

  • Installs random-root-passwd service and enable it.

  • Installs mktmpdir and terminal_idle profile for a shell session.

  • Configures the SSH server.

  • Installs ANSI and ceph-osd-smartctl rules to sudo.

  • Adds users to priviliged groups.

  • Configures sudo to be run only users members of privileged group.

  • Configures login.defs.

  • Configures PAM.

  • Configures securetty.

  • Configures some services specified in hardened_services.

  • Uninstalls useless packages.

  • Disable useless services.

  • Sets a password to GRUB.

  • Installs audit configuration.

Corosync role

  • Regenerates the authentication key.

  • Synchronizes the key between the hosts.

  • Generates the configuration of corosync.