Ansible Roles in SEAPATH

The full Ansible roles documentation for the latest release of SEAPATH is available on Ansible Galaxy.

Warning

The configuration below might be deprecated and needs to be reviewed.

Debian role

The scripts and binaries are installed in the /usr/local/bin directory. The systemd service overrides are installed in /etc/systemd.

  • Installs python3-setup-ovs (sources here) with its service votp-config_ovs and enables it.

  • Installs vm_manager (sources here).

  • Installs backup-restore (sources here).

  • Installs a script to get a console of a virtual machine.

  • Configures vim.

  • Installs a SEAPATH resource agent.

  • Configures syslog-ng. If specified, installs certificates, keys and CA.

  • Configures the libvirtd and pacemaker services.

  • Sets the UID and GID to 902 for the SNMP user.

  • Configures the SNMP daemon and service. Installs scripts to retrieve the machine's status.

  • Removes the virtu user if needed.

  • Installs the sudo fragment for the SNMP user.

  • Configures the systemd journal.

  • Configures an admin user with its group and sudo fragment.

  • Adds a live-migration user.

  • Adds panicreboot and bridge_nf_call rules to the kernel.

  • Adds br_netfilter and raid6_pq modules to the kernel.

  • Configures AppArmor.

  • Configures the network with systemd.

  • Configures the environment and the hosts.

  • Configures hddtemp.

  • Configures the package manager.

  • Configures libvirtd.

  • Configures GRUB.

Hypervisor role

  • Enables the docker service.

  • Adds vhost_vsock module to the kernel.

  • Installs the votp-taskset with its service.

  • Adds schedrt rules to the kernel.

  • Adds the kernel modules specified by sriov_driver.

  • Adds the sriov rule to the kernel.

  • Configures GRUB.

  • Configures tuned.

  • Configures systemd.

  • Configures systemd slices.

  • Configures the ovs-vswitchd service.

  • Installs ptp_status with its service.

Debian-hardening role

  • Creates the ansible and privileged groups.

  • Configures kernel parameters.

  • Updates the coredump, kexec and binfmt_misc rules of the kernel.

  • Installs sysctl-hardening and network-hardening rules to the kernel.

  • Adds nf_conntrack module to the kernel.

  • Installs the random-root-passwd service and enables it.

  • Installs the mktmpdir and terminal_idle profiles for a shell session.

  • Configures the SSH server.

  • Installs ANSI and ceph-osd-smartctl rules to sudo.

  • Adds users to privileged groups.

  • Configures sudo so that only members of the privileged group can run it.

  • Configures login.defs.

  • Configures PAM.

  • Configures securetty.

  • Configures some services specified in hardened_services.

  • Uninstalls useless packages.

  • Disables useless services.

  • Sets a GRUB password.

  • Installs audit configuration.

Corosync role

  • Regenerates the authentication key.

  • Synchronizes the key between the hosts.

  • Generates the configuration of corosync.
